Author Topic: I guess I don't know how to clean a HDD after all. (Read 25741 times)

Valorus · « **on:** January 30, 2013, 02:15:23 PM »

I have a Gigabyte i5 desktop w/8 GB memory, 1TB HDD that has a virus I don't seem to be able to remove. I've run DDS, Mbam, and CCCleaner but
can't get the reports off of the drive. This thing disables the USB ports (keyboard), the mouse is still enabled, shut the internet off when anything tries
to update, won't allow me to install drivers for anything. The only way to import anything is to put it on a DVD, but I can't write to the disk drive to copy
the test reports. I hope someone has an idea where to start. I've already tried Kaspersky recovery disk, it found nothing. I cleaned the hard drive
with DBan and thought it would remove everything, but the bug is still there. Help!!

Valorus · « **Reply #1 on:** January 30, 2013, 03:43:24 PM »

I managed to get this much, I hope it helps.

NP Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_50071458&REV_04\3&11583659&0&A0
Service:
.
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_1E3A&SUBSYS_1C3A1458&REV_04\3&11583659&0&B0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_1E3A&SUBSYS_1C3A1458&REV_04\3&11583659&0&B0
Service:
.
==== System Restore Points ===================
.
RP3: 1/28/2013 3:36:47 PM - Windows Update
RP4: 1/28/2013 3:40:39 PM - Installed Etron USB3.0 Host Controller
RP5: 1/28/2013 3:50:46 PM - Installed Kaspersky Internet Security 2011.
RP6: 1/28/2013 4:04:07 PM - Installed EZ Setup B12.0330.01
RP7: 1/28/2013 4:05:42 PM - Installed EZ Setup B12.0330.01
RP8: 1/29/2013 12:54:52 PM - Installed Platform
RP9: 1/29/2013 12:57:03 PM - Installed Platform
RP10: 1/29/2013 1:02:29 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Enable S3 for USB Device
ESET Online Scanner v3
Etron USB3.0 Host Controller
EZ Setup B12.0330.01
Kaspersky Anti-Virus 2011
Kaspersky Internet Security 2011
Malwarebytes Anti-Malware version 1.70.0.1100
Realtek High Definition Audio Driver
.
==== Event Viewer Messages From Past Week ========
.
1/30/2013 12:27:46 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
.
==== End Of File ===========================

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/28/2013 3:36:03 PM
System Uptime: 1/30/2013 12:24:15 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | Z77X-UD5H
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz | Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz | 3701/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 272.854 GiB free.
D: is FIXED (NTFS) - 0 GiB total, 0.083 GiB free.
E: is CDROM (CDFS)
F: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_1E22&SUBSYS_50011458&REV_04\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_1E22&SUBSYS_50011458&REV_04\3&11583659&0&FB
Service:
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_8086&DEV_1503&SUBSYS_E0001458&REV_04\3&11583659&0&C8
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_8086&DEV_1503&SUBSYS_E0001458&REV_04\3&11583659&0&C8
Service:
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_50071458&REV_04\3&11583659&0&A0
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_50071458&REV_04\3&11583659&0&A0
Service:
.
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_1E3A&SUBSYS_1C3A1458&REV_04\3&11583659&0&B0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_1E3A&SUBSYS_1C3A1458&REV_04\3&11583659&0&B0
Service:
.
==== System Restore Points ===================
.
RP3: 1/28/2013 3:36:47 PM - Windows Update
RP4: 1/28/2013 3:40:39 PM - Installed Etron USB3.0 Host Controller
RP5: 1/28/2013 3:50:46 PM - Installed Kaspersky Internet Security 2011.
RP6: 1/28/2013 4:04:07 PM - Installed EZ Setup B12.0330.01
RP7: 1/28/2013 4:05:42 PM - Installed EZ Setup B12.0330.01
RP8: 1/29/2013 12:54:52 PM - Installed Platform
RP9: 1/29/2013 12:57:03 PM - Installed Platform
RP10: 1/29/2013 1:02:29 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Enable S3 for USB Device
ESET Online Scanner v3
Etron USB3.0 Host Controller
EZ Setup B12.0330.01
Kaspersky Anti-Virus 2011
Kaspersky Internet Security 2011
Malwarebytes Anti-Malware version 1.70.0.1100
Realtek High Definition Audio Driver
.
==== Event Viewer Messages From Past Week ========
.
1/30/2013 12:27:46 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by Norm-Main at 12:26:48 on 2013-01-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8077.6757 [GMT -8:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\wmi64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell.com
uDefault_Page_URL = hxxp://www.dell.com
mWinlogon: Userinit = userinit.exe
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1 192.168.0.2
TCP: Interfaces\{DCEB77E5-379D-4F4A-9DAE-563342F51101} : DHCPNameServer = 192.168.0.1 192.168.0.2
SSODL: WebCheck - <orphaned>
x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll
x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll
x64-Notify: klogon - C:\Windows\System32\klogon.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2010-6-9 11864]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2010-4-22 27736]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-11-2 365336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-29 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-29 682344]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C60x64.sys [2013-1-28 99440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-29 24176]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-1-28 32344]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-15 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-15 180736]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-30 1255736]
.
=============== Created Last 30 ================
.
2013-01-30 20:23:44   --------   d-----w-   C:\Windows\SysWow64\Wat
2013-01-30 20:23:44   --------   d-----w-   C:\Windows\System32\Wat
2013-01-29 20:58:15   74248   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-29 20:58:15   697864   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-29 20:16:44   8199504   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-01-29 20:16:41   9161176   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{15158A4A-74CA-4BC4-B6A7-E4A536EA8FFC}\mpengine.dll
2013-01-29 19:41:24   --------   d-----w-   C:\Program Files (x86)\ESET
2013-01-29 19:40:28   --------   d-----w-   C:\Users\Norm-Main\AppData\Roaming\Malwarebytes
2013-01-29 19:40:16   --------   d-----w-   C:\ProgramData\Malwarebytes
2013-01-29 19:40:15   24176   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2013-01-29 19:40:15   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-29 19:40:02   --------   d-----w-   C:\Users\Norm-Main\AppData\Local\Programs
2013-01-29 00:11:05   306688   ----a-w-   C:\Windows\IsUninst.exe
2013-01-29 00:04:19   --------   d-----w-   C:\Program Files (x86)\GIGABYTE
2013-01-29 00:03:57   69714   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2013-01-29 00:03:57   63488   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2013-01-29 00:03:57   5632   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2013-01-29 00:03:57   274432   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2013-01-29 00:03:57   184320   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2013-01-29 00:03:56   753664   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2013-01-29 00:03:56   331908   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2013-01-29 00:03:56   200836   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2013-01-28 23:58:12   --------   d-----w-   C:\Windows\SysWow64\RTCOM
2013-01-28 23:58:12   --------   d-----w-   C:\Program Files\Realtek
2013-01-28 23:51:17   --------   d-----w-   C:\ProgramData\Kaspersky Lab
2013-01-28 23:51:17   --------   d-----w-   C:\Program Files (x86)\Kaspersky Lab
2013-01-28 23:50:06   --------   d-----w-   C:\ProgramData\Kaspersky Lab Setup Files
2013-01-28 23:46:25   99440   ----a-w-   C:\Windows\System32\drivers\L1C60x64.sys
2013-01-28 23:42:21   104560   ----a-w-   C:\Windows\System32\drivers\L1C62x64.sys
2013-01-28 23:42:09   --------   d-----w-   C:\Windows\SysWow64\Atheros_L1e
2013-01-28 23:41:30   826880   ----a-w-   C:\Windows\SysWow64\rdpcore.dll
2013-01-28 23:41:30   23552   ----a-w-   C:\Windows\System32\drivers\tdtcp.sys
2013-01-28 23:41:30   210944   ----a-w-   C:\Windows\System32\drivers\rdpwd.sys
2013-01-28 23:41:30   1031680   ----a-w-   C:\Windows\System32\rdpcore.dll
2013-01-28 23:40:55   --------   d-----w-   C:\Program Files (x86)\Etron Technology
2013-01-28 23:40:30   --------   d-sh--w-   C:\Windows\Installer
2013-01-28 23:37:15   2622464   ----a-w-   C:\Windows\System32\wucltux.dll
2013-01-28 23:37:07   99840   ----a-w-   C:\Windows\System32\wudriver.dll
2013-01-28 23:16:28   --------   d-----w-   C:\Windows\Panther
2013-01-28 23:16:15   --------   d-sh--w-   C:\Boot
2013-01-28 23:15:56   --------   d-----w-   C:\Windows\System32\OEM
2013-01-28 23:15:56   --------   d-----w-   C:\Hotfix
2013-01-28 23:15:56   --------   d-----w-   C:\Drivers
.
==================== Find3M ====================
.
2012-12-16 17:11:22   46080   ----a-w-   C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03   367616   ----a-w-   C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28   295424   ----a-w-   C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20   34304   ----a-w-   C:\Windows\SysWow64\atmlib.dll
.
============= FINISH: 12:27:37.84 ===============

# AdwCleaner v2.109 - Logfile created 01/29/2013 at 11:42:06
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Norm-Main - NORM-MAIN-PC
# Boot Mode : Normal
# Running from : F:\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [503 octets] - [29/01/2013 11:42:06]

########## EOF - C:\AdwCleaner[R1].txt - [562 octets] ##########

SuperDave · « **Reply #2 on:** January 30, 2013, 03:52:31 PM »

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Do you have your Window7 disk?
Please run MBAM in Safe Mode with NetWorking.

Malwarebytes' Anti-Malware (MBAM)

If you already have Malwarebytes be sure to check for updates before scanning!

Download Malwarebytes Anti-Malware and save it to your desktop. Alternate download link

•Double-click mbam-setup.exe and follow the prompts to install the program.

•Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

•If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

•If an update is found, it will download and install the latest version.
•Once the program has loaded, select Perform Quick Scan, then click Scan.

•When the scan is complete, click OK, then Show Results to view the results.

•Be sure that everything is checked, and click Remove Selected.

•When completed, a log will open in Notepad. Save it to a convenient location like the Desktop.

•The log is also automatically saved and can be viewed later by clicking the Logs tab in MBAM.

•Copy and Paste the contents of the report in your reply.

•Exit MBAM.
.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Valorus · « **Reply #3 on:** January 30, 2013, 04:16:33 PM »

Hi Dave,

Thanks for your help. I can't d/l Mbam log, my malware shut off access to the DVD drive after I copied the logs
above. It did say no problems detected. This bug seems to turn things off and on to suit itself.
It shuts off the keyboard in both regular and protected modes so I can't enter any commands.

SuperDave · « **Reply #4 on:** January 30, 2013, 05:04:56 PM »

Quote from: Valorus on January 30, 2013, 04:16:33 PM

Hi Dave,

Thanks for your help. I can't d/l Mbam log, my malware shut off access to the DVD drive after I copied the logs
above. It did say no problems detected. This bug seems to turn things off and on to suit itself.
It shuts off the keyboard in both regular and protected modes so I can't enter any commands.

Disconnet you computer from the power supply for at least 30 secs. and see if that makes any difference.

Valorus · « **Reply #5 on:** January 31, 2013, 09:32:50 AM »

That helped, Dave. It still kills the keyboard, but not the wireless anymore. I found a virtual KB
that let me enter this.

Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP3: 1/28/2013 3:36:47 PM - Windows Update
RP4: 1/28/2013 3:40:39 PM - Installed Etron USB3.0 Host Controller
RP5: 1/28/2013 3:50:46 PM - Installed Kaspersky Internet Security 2011.
RP6: 1/28/2013 4:04:07 PM - Installed EZ Setup B12.0330.01
RP7: 1/28/2013 4:05:42 PM - Installed EZ Setup B12.0330.01
RP8: 1/29/2013 12:54:52 PM - Installed Platform
RP9: 1/29/2013 12:57:03 PM - Installed Platform
RP10: 1/29/2013 1:02:29 PM - Windows Update
RP11: 1/30/2013 5:34:23 PM - Installed Sound Blaster X-Fi MB 2
RP12: 1/30/2013 5:40:36 PM - Installed ON_OFF Charge B11.1102.1
RP13: 1/30/2013 5:43:53 PM - Installed Easy Tune 6 B12.0402.1
RP14: 1/30/2013 5:45:45 PM - Installed LanOptimizer
RP15: 1/30/2013 5:46:36 PM - Installed AutoGreen B12.0206.1
RP16: 1/30/2013 5:48:17 PM - Installed WinZip 15.0
RP17: 1/31/2013 7:46:39 AM - Removed Splashtop Connect for IE.
.
==== Installed Programs ======================
.
@BIOS
Adobe Flash Player 11 ActiveX
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
AutoGreen B12.0206.1
CCleaner
Easy Tune 6 B12.0402.1
Enable S3 for USB Device
ESET Online Scanner v3
Etron USB3.0 Host Controller
EZ Setup B12.0330.01
HitmanPro 3.7
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Network Connections 16.5.2.0
Intel(R) Rapid Storage Technology
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
Kaspersky Anti-Virus 2011
Kaspersky Internet Security 2011
LanOptimizer
Malwarebytes Anti-Malware version 1.70.0.1100
marvell 91xx driver
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
ON_OFF Charge B11.1102.1
Sound Blaster X-Fi MB 2
WinZip 15.0
.
==== Event Viewer Messages From Past Week ========
.
1/31/2013 8:33:00 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
1/31/2013 8:32:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/31/2013 8:32:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/31/2013 8:32:58 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/31/2013 8:32:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/31/2013 8:32:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/31/2013 8:32:37 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AppleCharger discache KLIF spldr Wanarpv6
1/31/2013 8:32:26 AM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
1/31/2013 8:17:05 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
1/31/2013 8:17:01 AM, Error: Service Control Manager [7034] - The Intel(R) Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).
1/31/2013 8:16:56 AM, Error: Service Control Manager [7031] - The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
1/31/2013 8:16:51 AM, Error: Service Control Manager [7034] - The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
1/31/2013 8:16:46 AM, Error: Service Control Manager [7034] - The Intel(R) Integrated Clock Controller Service - Intel(R) ICCS service terminated unexpectedly. It has done this 1 time(s).
1/31/2013 8:16:29 AM, Error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
1/31/2013 8:16:27 AM, Error: Service Control Manager [7034] - The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).
1/31/2013 8:16:26 AM, Error: Service Control Manager [7034] - The Creative Audio Service service terminated unexpectedly. It has done this 1 time(s).
1/30/2013 12:58:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
1/30/2013 12:56:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache KLIF spldr Wanarpv6
1/30/2013 12:49:23 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/30/2013 12:49:23 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/30/2013 12:49:23 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
1/30/2013 12:49:23 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
1/30/2013 12:49:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/30/2013 12:27:46 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
.
==== End Of File ===========================

uStart Page = hxxp://www.dell.com
uDefault_Page_URL = hxxp://www.dell.com
mWinlogon: Userinit = userinit.exe
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe" /r
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1 192.168.0.2
TCP: Interfaces\{DCEB77E5-379D-4F4A-9DAE-563342F51101} : DHCPNameServer = 192.168.0.1 192.168.0.2
SSODL: WebCheck - <orphaned>
x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll
x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RunDLLEntry] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\AmbRunE.dll,RunDLLEntry
x64-RunOnce: [NoIE4StubProcessing] C:\Windows\System32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll
x64-Notify: klogon - C:\Windows\System32\klogon.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-1-30 16152]
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2010-6-9 11864]
R1 ndisrd;WinpkFilter LightWeight Filter;C:\Windows\System32\drivers\ndisrd.sys [2013-1-30 32360]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-1-30 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-1-30 787736]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C60x64.sys [2013-1-28 99440]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544]
S1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2013-1-30 21616]
S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-11-2 365336]
S2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-1-30 108904]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-1-30 13592]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-1-30 171688]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-1-30 161560]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-29 398184]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-29 682344]
S2 SetupARService;SetupARService;C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [2013-1-30 24576]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-1-30 363800]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2013-1-30 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2013-1-30 79360]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2013-1-30 30528]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2013-1-30 160256]
S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-29 24176]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-15 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-15 180736]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-30 1255736]
.
=============== Created Last 30 ================
.
2013-01-31 01:54:26   --------   d-----w-   C:\Program Files (x86)\Common Files\Intel Corporation
2013-01-31 01:54:07   --------   d-----w-   C:\Users\Norm-Main\AppData\Roaming\Intel Corporation
2013-01-31 01:53:44   30528   ----a-w-   C:\Windows\GVTDrv64.sys
2013-01-31 01:53:24   25640   ----a-w-   C:\Windows\gdrv.sys
2013-01-31 01:46:03   32360   ----a-r-   C:\Windows\System32\drivers\ndisrd.sys
2013-01-31 01:44:10   --------   d-----w-   C:\Program Files (x86)\AMD
2013-01-31 01:40:43   31272   ----a-w-   C:\Windows\System32\AppleChargerSrv.exe
2013-01-31 01:40:43   21616   ----a-w-   C:\Windows\System32\drivers\AppleCharger.sys
2013-01-31 01:40:43   --------   d-----w-   C:\Program Files\GIGABYTE
2013-01-31 01:39:29   568600   ----a-w-   C:\Windows\System32\drivers\iaStor.sys
2013-01-31 01:39:12   --------   d-----w-   C:\Program Files (x86)\Marvell
2013-01-31 01:38:55   171688   ----a-w-   C:\Windows\System32\IPROSetMonitor.exe
2013-01-31 01:38:31   355016   ----a-r-   C:\Windows\System32\PROUnstl.exe
2013-01-31 01:36:58   89600   ----a-w-   C:\Windows\System32\CmdRtr64.DLL
2013-01-31 01:36:58   74240   ----a-w-   C:\Windows\SysWow64\CmdRtr.DLL
2013-01-31 01:36:58   325120   ----a-w-   C:\Windows\System32\APOMgr64.DLL
2013-01-31 01:36:58   246272   ----a-w-   C:\Windows\SysWow64\APOMngr.DLL
2013-01-31 01:36:55   809560   ----a-r-   C:\Windows\SysWow64\tmpB339.tmp
2013-01-31 01:36:55   466520   ----a-w-   C:\Windows\System32\wrap_oal.dll
2013-01-31 01:36:55   445016   ----a-w-   C:\Windows\SysWow64\wrap_oal.dll
2013-01-31 01:36:55   123480   ----a-w-   C:\Windows\System32\OpenAL32.dll
2013-01-31 01:36:55   109144   ----a-w-   C:\Windows\SysWow64\OpenAL32.dll
2013-01-31 01:36:54   2906586   ------w-   C:\Windows\SysWow64\Sens_oal.dll
2013-01-31 01:36:54   1944064   ------w-   C:\Windows\System32\Sens_oal.dll
2013-01-31 01:35:44   --------   d-----w-   C:\Program Files (x86)\Common Files\Creative Labs Shared
2013-01-31 01:35:18   --------   d-----w-   C:\Program Files\Creative
2013-01-31 01:34:16   --------   d-----w-   C:\Program Files (x86)\Common Files\Macrovision Shared
2013-01-31 01:34:13   --------   d-----w-   C:\Program Files (x86)\Creative
2013-01-31 01:34:08   729088   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2013-01-31 01:34:08   69715   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2013-01-31 01:34:08   5632   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2013-01-31 01:34:08   266240   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2013-01-31 01:34:08   192512   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2013-01-31 01:34:07   311428   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2013-01-31 01:34:07   188548   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2013-01-31 01:33:17   15128   ----a-w-   C:\Windows\System32\drivers\IntelMEFWVer.dll
2013-01-31 01:32:25   53248   ----a-r-   C:\Windows\SysWow64\CSVer.dll
2013-01-31 01:32:21   --------   d-----w-   C:\Program Files (x86)\Common Files\postureAgent
2013-01-31 01:32:14   60184   ----a-w-   C:\Windows\System32\drivers\HECIx64.sys
2013-01-31 01:31:54   --------   d--h--w-   C:\ProgramData\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
2013-01-31 01:31:05   --------   d-----w-   C:\Users\Norm-Main\AppData\Roaming\Splashtop
2013-01-31 01:30:55   --------   d-----w-   C:\Program Files (x86)\Splashtop
2013-01-31 01:27:33   --------   d-----w-   C:\Program Files (x86)\Realtek
2013-01-31 00:17:00   --------   d-----w-   C:\Program Files\HitmanPro
2013-01-31 00:11:01   --------   d-----w-   C:\ProgramData\HitmanPro
2013-01-30 23:35:12   77312   ----a-w-   C:\Windows\System32\packager.dll
2013-01-30 23:35:12   67072   ----a-w-   C:\Windows\SysWow64\packager.dll
2013-01-30 20:53:48   16152   ----a-w-   C:\Windows\System32\drivers\iusb3hcs.sys
2013-01-30 20:53:40   356120   ----a-w-   C:\Windows\System32\drivers\iusb3hub.sys
2013-01-30 20:53:36   787736   ----a-w-   C:\Windows\System32\drivers\iusb3xhc.sys
2013-01-30 20:53:28   --------   d-----w-   C:\Intel
2013-01-30 20:42:43   --------   d-----w-   C:\Users\Norm-Main\AppData\Local\Diagnostics
2013-01-30 20:28:47   --------   d-----w-   C:\Program Files\CCleaner
2013-01-30 20:23:44   --------   d-----w-   C:\Windows\SysWow64\Wat
2013-01-30 20:23:44   --------   d-----w-   C:\Windows\System32\Wat
2013-01-29 20:58:15   74248   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-29 20:58:15   697864   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-29 20:16:44   9161176   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-01-29 19:41:24   --------   d-----w-   C:\Program Files (x86)\ESET
2013-01-29 19:40:28   --------   d-----w-   C:\Users\Norm-Main\AppData\Roaming\Malwarebytes
2013-01-29 19:40:16   --------   d-----w-   C:\ProgramData\Malwarebytes
2013-01-29 19:40:15   24176   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2013-01-29 19:40:15   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-29 19:40:02   --------   d-----w-   C:\Users\Norm-Main\AppData\Local\Programs
2013-01-29 00:11:05   306688   ----a-w-   C:\Windows\IsUninst.exe
2013-01-29 00:04:19   --------   d-----w-   C:\Program Files (x86)\GIGABYTE
2013-01-29 00:03:57   69714   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2013-01-29 00:03:57   63488   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2013-01-29 00:03:57   5632   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2013-01-29 00:03:57   274432   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2013-01-29 00:03:57   184320   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2013-01-29 00:03:56   753664   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2013-01-29 00:03:56   331908   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2013-01-29 00:03:56   200836   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2013-01-28 23:58:12   --------   d-----w-   C:\Program Files\Realtek
2013-01-28 23:57:05   --------   d--h--w-   C:\Program Files (x86)\Temp
2013-01-28 23:57:03   1698408   ------r-   C:\Windows\RtlExUpd.dll
2013-01-28 23:57:01   32768   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2013-01-28 23:51:17   --------   d-----w-   C:\ProgramData\Kaspersky Lab
2013-01-28 23:51:17   --------   d-----w-   C:\Program Files (x86)\Kaspersky Lab
2013-01-28 23:50:06   --------   d-----w-   C:\ProgramData\Kaspersky Lab Setup Files
2013-01-28 23:46:25   99440   ----a-w-   C:\Windows\System32\drivers\L1C60x64.sys
2013-01-28 23:42:21   104560   ----a-w-   C:\Windows\System32\drivers\L1C62x64.sys
2013-01-28 23:42:09   --------   d-----w-   C:\Windows\SysWow64\Atheros_L1e
2013-01-28 23:41:30   826880   ----a-w-   C:\Windows\SysWow64\rdpcore.dll
2013-01-28 23:41:30   23552   ----a-w-   C:\Windows\System32\drivers\tdtcp.sys
2013-01-28 23:41:30   210944   ----a-w-   C:\Windows\System32\drivers\rdpwd.sys
2013-01-28 23:41:30   1031680   ----a-w-   C:\Windows\System32\rdpcore.dll
2013-01-28 23:40:55   --------   d-----w-   C:\Program Files (x86)\Etron Technology
2013-01-28 23:40:30   --------   d-sh--w-   C:\Windows\Installer
2013-01-28 23:37:15   2622464   ----a-w-   C:\Windows\System32\wucltux.dll
2013-01-28 23:37:07   99840   ----a-w-   C:\Windows\System32\wudriver.dll
2013-01-28 23:16:28   --------   d-----w-   C:\Windows\Panther
2013-01-28 23:16:15   --------   d-sh--w-   C:\Boot
2013-01-28 23:15:56   --------   d-----w-   C:\Windows\System32\OEM
2013-01-28 23:15:56   --------   d-----w-   C:\Hotfix
2013-01-28 23:15:56   --------   d-----w-   C:\Drivers
.
==================== Find3M ====================
.
2012-12-16 17:11:22   46080   ----a-w-   C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03   367616   ----a-w-   C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28   295424   ----a-w-   C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20   34304   ----a-w-   C:\Windows\SysWow64\atmlib.dll
.
============= FINISH: 8:51:16.96 ===============

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.29.10

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7601.17514
Norm-Main :: NORM-MAIN-PC [administrator]

Protection: Disabled

1/31/2013 8:56:29 AM
mbam-log-2013-01-31 (08-56-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209649
Time elapsed: 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

SuperDave · « **Reply #6 on:** January 31, 2013, 11:33:52 AM »

Quote

It still kills the keyboard

Can you try another keyboard?

Download Combofix from any of the links below, and save it to your DESKTOP.
If your computer defaults your downloads to the Download folder, you will need to copy it to your desktop
Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

Close any open windows and double click ComboFix.exe to run it.

You will see the following image:

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

Valorus · « **Reply #7 on:** January 31, 2013, 02:22:11 PM »

Here's Combofix Dave.

ComboFix 13-01-31.03 - Norm-Main 01/31/2013 13:39:27.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8077.7221 [GMT -8:00]
Running from: c:\users\Norm-Main\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\windows\SysWow64\tmpB338.tmp
c:\windows\SysWow64\tmpB339.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-31 )))))))))))))))))))))))))))))))
.
.
2013-01-31 21:42 . 2013-01-31 21:42   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-01-31 21:35 . 2013-01-31 21:35   --------   d-----w-   c:\program files (x86)\7-zip
2013-01-31 21:35 . 2013-01-31 21:35   --------   d-----w-   c:\programdata\APN
2013-01-31 01:54 . 2013-01-31 01:54   --------   d-----w-   c:\program files (x86)\Common Files\Intel Corporation
2013-01-31 01:40 . 2011-11-02 18:48   21616   ----a-w-   c:\windows\system32\drivers\AppleCharger.sys
2013-01-31 01:40 . 2010-04-07 00:30   31272   ----a-w-   c:\windows\system32\AppleChargerSrv.exe
2013-01-31 01:39 . 2011-11-30 03:40   568600   ----a-w-   c:\windows\system32\drivers\iaStor.sys
2013-01-31 01:39 . 2013-01-31 01:39   --------   d-----w-   c:\program files (x86)\Marvell
2013-01-31 01:38 . 2011-06-29 18:51   171688   ----a-w-   c:\windows\system32\IPROSetMonitor.exe
2013-01-31 01:38 . 2011-07-26 19:57   355016   ----a-r-   c:\windows\system32\PROUnstl.exe
2013-01-31 01:36 . 2011-12-17 01:18   325120   ----a-w-   c:\windows\system32\APOMgr64.DLL
2013-01-31 01:33 . 2011-12-16 18:40   15128   ----a-w-   c:\windows\system32\drivers\IntelMEFWVer.dll
2013-01-31 01:32 . 2013-01-31 01:33   --------   d-----w-   c:\programdata\Intel
2013-01-31 01:32 . 2013-01-31 01:38   --------   d-----w-   c:\program files\Intel
2013-01-31 01:32 . 2011-12-06 23:55   53248   ----a-r-   c:\windows\SysWow64\CSVer.dll
2013-01-31 01:32 . 2013-01-31 01:32   --------   d-----w-   c:\program files (x86)\Common Files\postureAgent
2013-01-31 01:32 . 2011-11-10 09:04   60184   ----a-w-   c:\windows\system32\drivers\HECIx64.sys
2013-01-31 01:31 . 2013-01-31 01:31   --------   d--h--w-   c:\programdata\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
2013-01-31 01:30 . 2013-01-31 15:51   --------   d-----w-   c:\program files (x86)\Splashtop
2013-01-31 01:27 . 2013-01-31 01:45   --------   d-----w-   c:\program files (x86)\Realtek
2013-01-31 00:17 . 2013-01-31 00:17   --------   d-----w-   c:\program files\HitmanPro
2013-01-31 00:11 . 2013-01-31 17:39   --------   d-----w-   c:\programdata\HitmanPro
2013-01-30 23:35 . 2011-11-19 14:58   77312   ----a-w-   c:\windows\system32\packager.dll
2013-01-30 23:35 . 2011-11-19 14:01   67072   ----a-w-   c:\windows\SysWow64\packager.dll
2013-01-30 23:21 . 2011-04-09 06:58   142336   ----a-w-   c:\windows\system32\poqexec.exe
2013-01-30 23:21 . 2011-04-09 05:56   123904   ----a-w-   c:\windows\SysWow64\poqexec.exe
2013-01-30 20:53 . 2012-01-27 09:39   16152   ----a-w-   c:\windows\system32\drivers\iusb3hcs.sys
2013-01-30 20:53 . 2012-01-27 09:39   356120   ----a-w-   c:\windows\system32\drivers\iusb3hub.sys
2013-01-30 20:53 . 2012-01-27 09:39   787736   ----a-w-   c:\windows\system32\drivers\iusb3xhc.sys
2013-01-30 20:53 . 2013-01-31 01:44   --------   d-----w-   c:\program files (x86)\Intel
2013-01-30 20:53 . 2013-01-31 01:33   --------   d-----w-   C:\Intel
2013-01-30 20:28 . 2013-01-30 20:28   --------   d-----w-   c:\program files\CCleaner
2013-01-30 20:23 . 2013-01-30 20:23   --------   d-----w-   c:\windows\SysWow64\Wat
2013-01-30 20:23 . 2013-01-30 20:23   --------   d-----w-   c:\windows\system32\Wat
2013-01-29 20:58 . 2013-01-29 20:58   74248   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-29 20:58 . 2013-01-29 20:58   697864   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-29 20:58 . 2013-01-29 20:58   --------   d-----w-   c:\windows\system32\Macromed
2013-01-29 19:41 . 2013-01-29 19:41   --------   d-----w-   c:\program files (x86)\ESET
2013-01-29 19:40 . 2013-01-29 19:40   --------   d-----w-   c:\programdata\Malwarebytes
2013-01-29 19:40 . 2013-01-29 20:04   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-29 19:40 . 2012-12-15 00:49   24176   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-01-29 00:18 . 2013-01-29 00:18   --------   d-----w-   c:\windows\SysWow64\Macromed
2013-01-29 00:11 . 1998-10-30 00:45   306688   ----a-w-   c:\windows\IsUninst.exe
2013-01-29 00:04 . 2013-01-31 21:20   --------   d-----w-   c:\program files (x86)\GIGABYTE
2013-01-28 23:58 . 2013-01-28 23:58   --------   d-----w-   c:\program files\Realtek
2013-01-28 23:57 . 2013-01-31 01:53   --------   d--h--w-   c:\program files (x86)\Temp
2013-01-28 23:57 . 2011-12-13 03:01   1698408   ------r-   c:\windows\RtlExUpd.dll
2013-01-28 23:57 . 2013-01-29 20:54   --------   d-----w-   c:\program files (x86)\Common Files\InstallShield
2013-01-28 23:51 . 2013-01-31 21:06   --------   d-----w-   c:\programdata\Kaspersky Lab
2013-01-28 23:51 . 2013-01-28 23:51   --------   d-----w-   c:\program files (x86)\Kaspersky Lab
2013-01-28 23:51 . 2013-01-28 23:51   556120   ----a-w-   c:\windows\system32\drivers\klif.sys
2013-01-28 23:50 . 2013-01-28 23:50   --------   d-----w-   c:\programdata\Kaspersky Lab Setup Files
2013-01-28 23:46 . 2011-08-11 22:54   99440   ----a-w-   c:\windows\system32\drivers\L1C60x64.sys
2013-01-28 23:42 . 2011-08-11 22:54   104560   ----a-w-   c:\windows\system32\drivers\L1C62x64.sys
2013-01-28 23:42 . 2013-01-28 23:46   --------   d-----w-   c:\windows\SysWow64\Atheros_L1e
2013-01-28 23:41 . 2012-02-17 06:38   1031680   ----a-w-   c:\windows\system32\rdpcore.dll
2013-01-28 23:41 . 2012-02-17 05:34   826880   ----a-w-   c:\windows\SysWow64\rdpcore.dll
2013-01-28 23:41 . 2012-02-17 04:58   210944   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2013-01-28 23:41 . 2012-02-17 04:57   23552   ----a-w-   c:\windows\system32\drivers\tdtcp.sys
2013-01-28 23:40 . 2013-01-31 21:20   --------   d--h--w-   c:\program files (x86)\InstallShield Installation Information
2013-01-28 23:40 . 2013-01-28 23:40   --------   d-----w-   c:\program files (x86)\Etron Technology
2013-01-28 23:40 . 2013-01-31 21:20   --------   d-sh--w-   c:\windows\Installer
2013-01-28 23:37 . 2012-06-02 22:19   2428952   ----a-w-   c:\windows\system32\wuaueng.dll
2013-01-28 23:37 . 2012-06-02 22:19   57880   ----a-w-   c:\windows\system32\wuauclt.exe
2013-01-28 23:37 . 2012-06-02 22:19   44056   ----a-w-   c:\windows\system32\wups2.dll
2013-01-28 23:37 . 2012-06-02 22:15   2622464   ----a-w-   c:\windows\system32\wucltux.dll
2013-01-28 23:37 . 2012-06-02 22:19   38424   ----a-w-   c:\windows\system32\wups.dll
2013-01-28 23:37 . 2012-06-02 22:19   701976   ----a-w-   c:\windows\system32\wuapi.dll
2013-01-28 23:37 . 2012-06-02 22:15   99840   ----a-w-   c:\windows\system32\wudriver.dll
2013-01-28 23:36 . 2012-06-02 23:19   186752   ----a-w-   c:\windows\system32\wuwebv.dll
2013-01-28 23:36 . 2012-06-02 23:15   36864   ----a-w-   c:\windows\system32\wuapp.exe
2013-01-28 23:36 . 2013-01-31 01:48   --------   d-----w-   c:\users\Norm-Main
2013-01-28 23:36 . 2013-01-28 23:36   --------   d-----w-   C:\Recovery
2013-01-28 23:16 . 2013-01-31 21:27   --------   d-----w-   c:\windows\Panther
2013-01-28 23:16 . 2013-01-28 23:16   --------   d-----w-   C:\Boot
2013-01-28 23:15 . 2013-01-28 23:21   --------   d-----w-   c:\windows\system32\OEM
2013-01-28 23:15 . 2013-01-28 23:15   --------   d-----w-   C:\Hotfix
2013-01-28 23:15 . 2013-01-28 23:15   --------   d-----w-   C:\Drivers
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-03 365336]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-27 291608]
"THX Audio Control Panel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe" [2011-08-30 1517056]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe" [2010-02-19 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2012-02-01 40960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2013-01-31 108904]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-09 607456]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-06-29 171688]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]
R2 SetupARService;SetupARService;c:\program files (x86)\Realtek\Audio\SetupAfterRebootService.exe [2013-01-31 24576]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2013-01-31 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2013-01-31 79360]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2013-01-31 30528]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-09-30 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-09-30 180736]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-29 1255736]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-27 16152]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-10 11864]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys [2011-09-14 32360]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-27 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-27 787736]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x64.sys [2011-08-11 99440]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-29 20:58]
.
2013-01-31 c:\windows\Tasks\RtlLanOptimizerVistaStart.job
- c:\program files (x86)\Realtek\LanOptimizer\LanOptimizer.exe [2013-01-31 02:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.dell.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1 192.168.0.2
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-31 13:43:03
ComboFix-quarantined-files.txt 2013-01-31 21:43
.
Pre-Run: 287,767,101,440 bytes free
Post-Run: 287,387,394,048 bytes free
.
- - End Of File - - BB1076E4C5E6B018C8CBB3B1F55143D1

SuperDave · « **Reply #8 on:** January 31, 2013, 05:06:01 PM »

Why are running in Safe Mode?

Please download Rooter and Save it to your desktop.

Double click it to start the tool.Vista and Windows7 run as administrator.
Click Scan.
Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

********************************************

Download RogueKiller on the desktop
Close all the running programs
Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Valorus · « **Reply #9 on:** January 31, 2013, 08:35:18 PM »

RogueKiller seems to have worked. I can type on this keyboard again.

RogueKiller V8.4.3 [Jan 31 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Norm-Main [Admin rights]
Mode : Shortcuts HJfix -- Date : 01/31/2013 19:30:30
| ARK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] FreeVK.exe -- C:\Users\Norm-Main\Desktop\FreeVK.exe -> KILLED [TermProc]

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 5 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 41 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 51 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\CdRom1 -- 0x5 --> Skipped

Finished : << RKreport[6]_SC_01312013_02d1930.txt >>
RKreport[1]_S_01312013_02d1929.txt ; RKreport[2]_D_01312013_02d1930.txt ; RKreport[3]_H_01312013_02d1930.txt ; RKreport[4]_PR_01312013_02d1930.txt ; RKreport[5]_DN_01312013_02d1930.txt ;
RKreport[6]_SC_01312013_02d1930.txt

Valorus · « **Reply #10 on:** January 31, 2013, 08:40:13 PM »

Almost forgot Rooter.

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows 7 Home Edition (6.1.7601) Service Pack 1
[32_bits] - Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 8.0.7601.17514
.
C:\ [Fixed-NTFS] .. ( Total:297 Go - Free:267 Go )
D:\ [Fixed-NTFS] .. ( Total:0 Go - Free:0 Go )
E:\ [CD_Rom]
F:\ [CD_Rom]
.
Scan : 19:37.35
Path : C:\Users\Norm-Main\Desktop\Rooter.exe
User : Norm-Main ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______

?

?? (424)
______

?

?? (544)
______

?

?? (572)
______

?

?? (596)
______

?

?? (640)
______

?

?? (680)
______

?

?? (688)
______

?

?? (700)
______

?

?? (796)
______

?

?? (864)
______

?

?? (976)
______

?

?? (1008)
______

?

?? (160)
Locked audiodg.exe (476)
______ C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (156)
______

?

?? (1048)
______

?

?? (1116)
______

?

?? (1180)
______

?

?? (1340)
______

?

?? (1368)
______

?

?? (1452)
______

?

?? (1692)
______

?

?? (1700)
______

?

?? (1768)
______

?

?? (1812)
______

?

?? (1868)
______

?

?? (1904)
______ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (1936)
______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (1988)
______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (1200)
______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (2052)
______

?

?? (2460)
______ C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe (1124)
______

?

?? (2616)
______

?

?? (1636)
______ C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (3384)
______ C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe (3572)
______ C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (3688)
______

?

?? (3844)
______

?

?? (3696)
______ C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (3148)
______ C:\Windows\sysWOW64\wbem\wmiprvse.exe (4080)
______

?

?? (2216)
______

?

?? (3456)
______ C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe (1432)
______ C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (2032)
______

?

?? (1780)
______ C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (3232)
______ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (3320)
______

?

?? (1656)
______ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (2172)
______

?

?? (4276)
______ C:\Windows\SysWOW64\notepad.exe (4500)
______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (2664)
______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (3016)
______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (4108)
______

?

?? (4312)
______

?

?? (4412)
______

?

?? (5052)
______

?

?? (2832)
______ C:\Users\Norm-Main\Desktop\Rooter.exe (4128)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:1048576 | Length:103809024)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:105906176 | Length:319964577792)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\Adobe Flash Player Updater.job
C:\Windows\Tasks\RtlLanOptimizerVistaStart.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 19:37.35
.
C:\Rooter$\Rooter_2.txt - (31/01/2013 | 19:37.35)

SuperDave · « **Reply #11 on:** February 01, 2013, 12:29:18 PM »

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the

button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.

•Check

•Click the

button.
•Accept any security warnings from your browser.

Leave the check mark next to Remove found threats.

•Check

•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push

•Push

, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the

button.
•Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Valorus · « **Reply #12 on:** February 02, 2013, 10:01:00 AM »

Dave, I printed your instructions and followed them, but Eset didn't find anything and I can't find a log from it anywhere, program files, desktop or anywhere else.
The keyboard doesn't work anymore, after most commands, a big box says "Please wait" or the grammatically challenged "Not Support this platform".
The wireless adapter still turns off during any updates, Eset took 1 1/2 hours to download updates. There isn't anything on this computer, OS, A/V and a few scanner
utilities so I could do anything you think would help. Thanks again for your time and efforts.
Before I forget, the Add-on Manager box won't open.

SuperDave · « **Reply #13 on:** February 02, 2013, 05:25:49 PM »

Kaspersky Virus Removal Tool

The Kaspersky Virus Removal Tool is a scan-and-remove solution from Kaspersky that searches out the most common malware and attempts to remove it from your computer.

Please download the Kaspersky Virus Removal Tool from Kaspersky's Official Link and save it to your Desktop.

Double-click the Setup file to install it on your computer.
Once it has installed, review and accept the agreement and press the Start button.
You will presented with the main interface, but don't scan yet, click the options tab (gear icon):

On the Scan Scope tab, make sure to checkmark all the options, except for the CD/DVD drive:

On the Security Level tab, make sure to move the slider up denoting "Current Security Level: High":
Now, go back to the Automatic Scan tab, and choose "Start Scanning". It may take several hours to complete. Please allow it to do so.
Once done scanning, choose the Report tab (page icon), select Detected Threats tab on left, and choose Disinfect All:

Then, choose Save. Also, in the Automatic Report tab, select Save:

Please post the reports in your next reply.
Once you exit, the tool should uninstall automatically.

Valorus · « **Reply #14 on:** February 03, 2013, 01:10:16 PM »

Dave
I can't post the results on the infected computer. Files disappear before it posts. I'll keep trying.

Valorus · « **Reply #15 on:** February 03, 2013, 10:09:37 PM »

This can't be right, but here it is.

Automatic Scan: completed 9 hours ago (events: 312659, objects: 313366, time: 01:18:12)
2/2/2013 9:24:24 PM   Task started
2/2/2013 9:24:24 PM   OK   C
2/2/2013 9:24:24 PM   OK   D
2/2/2013 9:24:24 PM   OK   F
2/2/2013 9:24:24 PM   OK   \Device\HarddiskVolume2
2/2/2013 9:24:25 PM   OK   \Device\HarddiskVolume1
2/2/2013 9:24:28 PM   OK   \Device\CdRom1
2/2/2013 9:24:39 PM   OK   \Device\Harddisk0\DR0
2/2/2013 9:24:40 PM   OK   C:\AdwCleaner[R2].txt
2/2/2013 9:24:40 PM   OK   C:\AdwCleaner[R1].txt
2/2/2013 9:24:40 PM   Not processed   C:\hiberfil.sys   Object is locked
2/2/2013 9:24:40 PM   Not processed   C:\pagefile.sys   Object is locked
2/2/2013 9:24:40 PM   OK   C:\AdwCleaner[S1].txt
2/2/2013 9:24:40 PM   OK   C:\AdwCleaner[R3].txt
2/2/2013 9:24:40 PM   OK   C:\csb.log
2/2/2013 9:24:40 PM   OK   C:\Install.log
2/2/2013 9:24:40 PM   OK   C:\BOOTSECT.BAK
2/2/2013 9:24:40 PM   OK   C:\bootmgr
2/2/2013 9:24:40 PM   OK   C:\lucid.log
2/2/2013 9:24:40 PM   OK   C:\RHDSetup.log
2/2/2013 9:24:40 PM   OK   C:\$RECYCLE.BIN\S-1-5-21-1368359562-4183299845-1068220379-1000\$I0ZGDR4.txt
2/2/2013 9:24:40 PM   OK   C:\TDSSKiller.2.8.15.0_02.02.2013_20.55.51_log.txt
2/2/2013 9:24:40 PM   OK   C:\$RECYCLE.BIN\S-1-5-21-1368359562-4183299845-1068220379-1000\desktop.ini
2/2/2013 9:24:40 PM   OK   C:\$RECYCLE.BIN\S-1-5-21-1368359562-4183299845-1068220379-1000\$R0ZGDR4.txt
2/2/2013 9:24:40 PM   OK   C:\Boot\BCD.LOG1
2/2/2013 9:24:40 PM   OK   C:\Boot\BCD.LOG2
2/2/2013 9:24:40 PM   OK   C:\Boot\BCD
2/2/2013 9:24:40 PM   OK   C:\Boot\BCD.LOG
2/2/2013 9:24:40 PM   OK   C:\Boot\BOOTSTAT.DAT
2/2/2013 9:24:40 PM   OK   C:\Boot\cs-CZ\bootmgr.exe.mui
2/2/2013 9:24:40 PM   OK   C:\Boot\memtest.exe
2/2/2013 9:24:40 PM   OK   C:\Boot\da-DK\bootmgr.exe.mui
2/2/2013 9:24:40 PM   OK   C:\Boot\de-DE\bootmgr.exe.mui
2/2/2013 9:24:40 PM   OK   C:\Boot\el-GR\bootmgr.exe.mui
2/2/2013 9:24:40 PM   OK   C:\Boot\en-US\bootmgr.exe.mui
2/2/2013 9:24:40 PM   OK   C:\Boot\en-US\memtest.exe.mui
2/2/2013 9:24:40 PM   OK   C:\Boot\fi-FI\bootmgr.exe.mui
2/2/2013 9:24:40 PM   OK   C:\Boot\es-ES\bootmgr.exe.mui
2/2/2013 9:24:40 PM   OK   C:\Boot\Fonts\chs_boot.ttf
2/2/2013 9:24:40 PM   OK   C:\Boot\Fonts\cht_boot.ttf
2/2/2013 9:24:40 PM   OK   C:\Boot\Fonts\jpn_boot.ttf
2/2/2013 9:24:40 PM   OK   C:\Boot\Fonts\kor_boot.ttf
2/2/2013 9:24:40 PM   OK   C:\Boot\Fonts\wgl4_boot.ttf
2/2/2013 9:24:40 PM   OK   C:\Boot\hu-HU\bootmgr.exe.mui
2/2/2013 9:24:40 PM   OK   C:\Boot\fr-FR\bootmgr.exe.mui
2/2/2013 9:24:40 PM   OK   C:\Boot\ja-JP\bootmgr.exe.mui
2/2/2013 9:24:40 PM   OK   C:\Boot\it-IT\bootmgr.exe.mui
2/2/2013 9:24:40 PM   OK   C:\Boot\ko-KR\bootmgr.exe.mui
2/2/2013 9:24:40 PM   OK   C:\Boot\nb-NO\bootmgr.exe.mui
2/2/2013 9:24:40 PM   OK   C:\Boot\nl-NL\bootmgr.exe.mui
2/2/2013 9:24:40 PM   OK   C:\Boot\pl-PL\bootmgr.exe.mui
2/2/2013 9:24:40 PM   OK   C:\Boot\pt-BR\bootmgr.exe.mui
2/2/2013 9:24:40 PM   OK   C:\Boot\pt-PT\bootmgr.exe.mui
2/2/2013 9:24:41 PM   OK   C:\Boot\ru-RU\bootmgr.exe.mui
2/2/2013 9:24:41 PM   OK   C:\Boot\tr-TR\bootmgr.exe.mui
2/2/2013 9:24:41 PM   OK   C:\Boot\sv-SE\bootmgr.exe.mui
2/2/2013 9:24:41 PM   OK   C:\Boot\zh-CN\bootmgr.exe.mui
2/2/2013 9:24:41 PM   OK   C:\Boot\zh-TW\bootmgr.exe.mui
2/2/2013 9:24:41 PM   OK   C:\Boot\zh-HK\bootmgr.exe.mui
2/2/2013 9:24:41 PM   OK   C:\Documents and Settings\desktop.ini
2/2/2013 9:24:41 PM   OK   C:\Documents and Settings\All Users\NTUser.dat.LOG2
2/2/2013 9:24:41 PM   OK   C:\Documents and Settings\All Users\NTUser.dat.LOG1
2/2/2013 9:24:41 PM   OK   C:\Documents and Settings\All Users\NTUser.dat{4d65c729-6b44-11e2-8f84-902b34362c00}.TM.blf
2/2/2013 9:24:41 PM   OK   C:\Documents and Settings\All Users\NTUser.dat{4d65c8dd-6b44-11e2-8f84-902b34362c00}.TM.blf
2/2/2013 9:24:41 PM   OK   C:\Documents and Settings\All Users\NTUser.dat{4d65c729-6b44-11e2-8f84-902b34362c00}.TMContainer00000000000000000001.regtrans-ms
2/2/2013 9:24:41 PM   OK   C:\Documents and Settings\All Users\NTUser.dat{4d65c729-6b44-11e2-8f84-902b34362c00}.TMContainer00000000000000000002.regtrans-ms
2/2/2013 9:24:41 PM   OK   C:\Documents and Settings\All Users\NTUser.dat{4d65c8dd-6b44-11e2-8f84-902b34362c00}.TMContainer00000000000000000001.regtrans-ms
2/2/2013 9:24:41 PM   OK   C:\Documents and Settings\All Users\NTUser.dat{4d65c8dd-6b44-11e2-8f84-902b34362c00}.TMContainer00000000000000000002.regtrans-ms
2/2/2013 9:24:41 PM   Archive: 7-Zip   C:\Documents and Settings\All Users\APN\APN-Stub\W3IV6-G\APNIC.7z
2/2/2013 9:24:41 PM   OK   C:\Documents and Settings\All Users\APN\APN-Stub\W3IV6-G\APNIC.7z/APNIC.dll
2/2/2013 9:24:41 PM   OK   C:\Documents and Settings\All Users\APN\APN-Stub\W3IV6-G\APNIC.7z
2/2/2013 9:24:41 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\cmc2\local_trees\E39F65A-F5CB-11E0-A0F4-06054824019B.descr
2/2/2013 9:24:41 PM   OK   C:\Documents and Settings\All Users\APN\APN-Stub\W3IV6-G\Setup.ini
2/2/2013 9:24:41 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\cmc2\local_trees\f20dc06a-279d-4cf3-91a8-da22f9c486e7.descr
2/2/2013 9:24:41 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\cmc2\local_trees\E39F65A-F5CB-11E0-A0F4-06054824019B.xml
2/2/2013 9:24:41 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\Quarantine\data\{8A88543C-04B0-485C-A95F-F5582B1B4230}:Zone.Identifier
2/2/2013 9:24:41 PM   OK   C:\Documents and Settings\All Users\APN\APN-Stub\W3IV6-G\APNIC.dll
2/2/2013 9:24:41 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\cmc2\local_trees\f20dc06a-279d-4cf3-91a8-da22f9c486e7.xml
2/2/2013 9:24:41 PM   Packed: UPX   C:\Documents and Settings\All Users\COMODO\Cis\Quarantine\data\{8A88543C-04B0-485C-A95F-F5582B1B4230}
2/2/2013 9:24:41 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\Quarantine\data\{8A88543C-04B0-485C-A95F-F5582B1B4230}/UPX/data0005.res
2/2/2013 9:24:41 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\Quarantine\data\{8A88543C-04B0-485C-A95F-F5582B1B4230}/UPX/data0005.res
2/2/2013 9:24:42 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\Quarantine\data\{8A88543C-04B0-485C-A95F-F5582B1B4230}/UPX
2/2/2013 9:24:43 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\Quarantine\data\{8A88543C-04B0-485C-A95F-F5582B1B4230}
2/2/2013 9:24:43 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\Quarantine\info\{8A88543C-04B0-485C-A95F-F5582B1B4230}
2/2/2013 9:24:43 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\dialogs_descriptor.xml
2/2/2013 9:24:43 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\intro_av_advanced.html
2/2/2013 9:24:43 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\intro_cav.html
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\intro_cfw.html
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\intro_complete.html
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\intro_dlg.js
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\intro_plus.html
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\intro_premium.html
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\intro_pro.html
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\offer_dlg.js
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\OndemandOffer.html
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\RealTimeMemoryOffer.html
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\RealtimeFileOffer.html
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\subscription_expired.html
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\subscription_near_expiration.html
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\trial_dlg.js
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\trial_expired.html
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\css\dialogs.css
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\trial_near_expiration.html
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\buynow_bg.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\buynow_btn.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\CautiondWarningYellow.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\GeekbuddySmall.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\GeekBuddy_bg.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\GeekBuddy_caution.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\GeekBuddy_infections.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\GeekBuddy_malicious.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\GreyButtonActive.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\GreyButtonNormal.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\GreyButtonPressed.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\IntroAntivirus_icon.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\IntroComodoTitle.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\IntroComodoTitle_icon.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\IntroFirewall_icon.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\IntroGeekBuddyScreen.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\IntroGeekBuddy_icon.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\IntroGuarantee_icon.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\IntroLogo_CAV.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\IntroLogo_CAV_advanced.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\IntroLogo_CFW.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\IntroLogo_CIS_Complete.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\IntroLogo_CIS_Plus.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\IntroLogo_CIS_Premium.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\IntroLogo_CIS_Pro.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\IntroScannerScreen.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\intro_dialog_bg.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\keyExpiration_bg.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\OrangeButtonActive.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\OrangeButtonNormal.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\OrangeButtonPressed.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\ShieldErrorRed.png
2/2/2013 9:24:44 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\ShieldWarningRed.png
2/2/2013 9:24:45 PM   OK   C:\Documents and Settings\All Users\COMODO\Cis\WebDialogs\images\ShieldWarningYellow.png
2/2/2013 9:24:45 PM   OK   C:\Documents and Settings\All Users\COMODO\Firewall Pro\cisboost.sdb-shm
2/2/2013 9:24:45 PM   OK   C:\Documents and Settings\All Users\COMODO\Firewall Pro\cisdata.sdb
2/2/2013 9:24:45 PM   OK   C:\Documents and Settings\All Users\COMODO\Firewall Pro\cisboost.sdb-wal
2/2/2013 9:24:45 PM   OK   C:\Documents and Settings\All Users\COMODO\Firewall Pro\cisboost.sdb
2/2/2013 9:24:45 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\bfe_vista.bin
2/2/2013 9:24:45 PM   Archive: Embedded   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi
2/2/2013 9:24:45 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/Installer_WixHelper
2/2/2013 9:24:45 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/WixUIWixca
2/2/2013 9:24:45 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/QuestionIcon
2/2/2013 9:24:45 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/WarningIcon
2/2/2013 9:24:45 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/GrnSquareBitmap
2/2/2013 9:24:45 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/TopBanner
2/2/2013 9:24:45 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/WelcomeBanner
2/2/2013 9:24:45 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/BetaWarnBanner
2/2/2013 9:24:45 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/DestDirBanner
2/2/2013 9:24:45 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/DnsBanner
2/2/2013 9:24:45 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/SubscribeBanner
2/2/2013 9:24:45 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/FinalFailedBanner
2/2/2013 9:24:45 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/FinalBanner
2/2/2013 9:24:45 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/FwFeaturesBanner
2/2/2013 9:24:45 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/InstallingBanner
2/2/2013 9:24:45 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/LicenseBanner
2/2/2013 9:24:45 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/PreviewBanner
2/2/2013 9:24:45 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/CisFeaturesBanner
2/2/2013 9:24:45 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/CisFeedbackBanner
2/2/2013 9:24:45 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/WixUI_Bmp_Banner
2/2/2013 9:24:45 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/WixUI_Bmp_Dialog
2/2/2013 9:24:45 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/WixUI_Ico_Exclam
2/2/2013 9:24:45 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/WixUI_Ico_Info
2/2/2013 9:24:45 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/WixUI_Bmp_New
2/2/2013 9:24:45 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/WixUI_Bmp_Up
2/2/2013 9:24:46 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/cis.ico
2/2/2013 9:24:46 PM   OK   C:\Documents and Settings\All Users\COMODO\Firewall Pro\cislogs.sdb
2/2/2013 9:24:46 PM   Archive: CAB   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/cavdb.cab
2/2/2013 9:24:46 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/cavdb.cab/bases.cav
2/2/2013 9:24:46 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/cavdb.cab/fixbase.exe
2/2/2013 9:24:46 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/cavdb.cab
2/2/2013 9:24:46 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\bfe_win8.bin
2/2/2013 9:24:46 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\bfe_win7.bin
2/2/2013 9:24:46 PM   Archive: CAB   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/cavse.cab
2/2/2013 9:24:46 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/cavse.cab/common.cav
2/2/2013 9:24:46 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/cavse.cab/dosmz.cav
2/2/2013 9:24:46 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/cavse.cab/dunpack.cav
2/2/2013 9:24:46 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/cavse.cab/extra.cav
2/2/2013 9:24:46 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/cavse.cab/fileid.cav
2/2/2013 9:24:46 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/cavse.cab/framework.dll
2/2/2013 9:24:46 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/cavse.cab/gunpack.cav
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/cavse.cab/heur.cav
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/cavse.cab/mach32.dll
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\lps-ca\vt.db
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/cavse.cab/mem.cav
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/cavse.cab/pe.cav
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/cavse.cab/pe32.cav
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/cavse.cab/pkann.dll
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/cavse.cab/platform.dll
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/cavse.cab/script.cav
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/cavse.cab/scrtemu.cav
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/cavse.cab/signmgr.dll
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/cavse.cab/smart.cav
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/cavse.cab/unarch.cav
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/cavse.cab/unpack.cav
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/cavse.cab/white.cav
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/cavse.cab
2/2/2013 9:24:47 PM   Archive: CAB   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/Add_App.png
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/Add_App.xml
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/adpkifcfcacgmnggcbpbjbkdijciiigm.png
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/adpkifcfcacgmnggcbpbjbkdijciiigm.xml
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/aknpkdffaafgjchaibgeefbgmgeghloj.png
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/aknpkdffaafgjchaibgeefbgmgeghloj.xml
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/alert.wav
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/appmanifest.xaml
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/bfe_vista.reg
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/bfe_win7.reg
2/2/2013 9:24:47 PM   Archive: NSIS   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_boot_time_monitor_release.exe
2/2/2013 9:24:47 PM   Archive: NSIS   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_browser_addons_monitor_release.exe
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_browser_addons_monitor_release.exe/data0001
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_boot_time_monitor_release.exe/data0001
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/bfe_win8.reg
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/blpcfgokakmgnkcojhhkbfbldkacnbeo.png
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_boot_time_monitor_release.exe/CFRMD.inf
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/blpcfgokakmgnkcojhhkbfbldkacnbeo.xml
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/bottomBar.png
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/btnShadow.png
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_boot_time_monitor_release.exe/$PLUGINSDIR\GetVersion.dll
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/comodo_dragon.png
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/comodo_dragon.xml
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/Config.xml
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/Desklist.html
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_boot_time_monitor_release.exe/cfrmd.sys
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/DesktopPicture.JPG
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_boot_time_monitor_release.exe/cfrmd.sys
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/drvhlpr.dll
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/ejjicmeblgpmajnghnpcppodonldlgfn.png
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_browser_addons_monitor_release.exe/export.dll
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/ejjicmeblgpmajnghnpcppodonldlgfn.xml
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_browser_addons_monitor_release.exe/component.cfg
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/flip_in.png
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_boot_time_monitor_release.exe/cfrmd.sys
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/flip_out.png
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/flip_press.png
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/hbdpomandigafcibbmofojjchbcdagbl.png
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/hbdpomandigafcibbmofojjchbcdagbl.xml
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/icppfcnhkcmnfdhfhphakoifcfokfdhg.png
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/icppfcnhkcmnfdhfhphakoifcfokfdhg.xml
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_boot_time_monitor_release.exe/cfrmd.sys
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/ihdkejbciahopmbagpnjmmkkdpfpaaak.png
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/ihdkejbciahopmbagpnjmmkkdpfpaaak.xml
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/lbfehkoinhhcknnbdgnnmjhiladcgbol.png
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_boot_time_monitor_release.exe/$PLUGINSDIR\System.dll
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/lbfehkoinhhcknnbdgnnmjhiladcgbol.xml
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/lfbgimoladefibpklnfmkpknadbklade.png
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/lfbgimoladefibpklnfmkpknadbklade.xml
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/lneaknkopdijkpnocmklfnjbeapigfbh.png
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/lneaknkopdijkpnocmklfnjbeapigfbh.xml
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/mkojhhiphdgeliplnclnbmdiofhgnimi.png
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_boot_time_monitor_release.exe/cfrmd.sys
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/mkojhhiphdgeliplnclnbmdiofhgnimi.xml
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/mmimngoggfoobjdlefbcabngfnmieonb.png
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/mmimngoggfoobjdlefbcabngfnmieonb.xml
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/onlgmecjpnejhfeofkgbfgnmdlipdejb.png
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/onlgmecjpnejhfeofkgbfgnmdlipdejb.xml
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_boot_time_monitor_release.exe/cfrmd.sys
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/page_dot.png
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/page_dot_on.png
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/pfpeapihoiogbcmdmnibeplnikfnhoge.png
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/pfpeapihoiogbcmdmnibeplnikfnhoge.xml
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_boot_time_monitor_release.exe/cfrmd.sys
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/pjkljhegncpnkpknbcohdijeoejaedia.png
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/pjkljhegncpnkpknbcohdijeoejaedia.xml
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/remove.png
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_boot_time_monitor_release.exe/cfrmd.sys
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_browser_addons_monitor_release.exe/addonscontroller.dll
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_browser_addons_monitor_release.exe/$PLUGINSDIR\System.dll   Object was not changed (iChecker)
2/2/2013 9:24:47 PM   Archive: NSIS   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_browser_addons_monitor_release.exe/uninstall.exe
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_browser_addons_monitor_release.exe/uninstall.exe/data0001
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_browser_addons_monitor_release.exe/uninstall.exe/$PLUGINSDIR\System.dll   Object was not changed (iChecker)
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_boot_time_monitor_release.exe/export.dll
2/2/2013 9:24:47 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_boot_time_monitor_release.exe/component.cfg
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_boot_time_monitor_release.exe/offreg.dll
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/Sciter
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/SevenZ
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_browser_addons_monitor_release.exe/uninstall.exe/#/data0001
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_browser_addons_monitor_release.exe/uninstall.exe/#
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/virtkiosk.exe
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_browser_addons_monitor_release.exe/uninstall.exe
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_browser_addons_monitor_release.exe/$PLUGINSDIR\GetVersion.dll   Object was not changed (iChecker)
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_browser_addons_monitor_release.exe/#
2/2/2013 9:24:48 PM   Archive: NSIS   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_client_transaction_release.exe
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_browser_addons_monitor_release.exe/#
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_client_transaction_release.exe/data0001
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_browser_addons_monitor_release.exe
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_client_transaction_release.exe/export.dll
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_client_transaction_release.exe/component.cfg
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_client_transaction_release.exe/configuration.db
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/virtkiosk.exeV64
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_client_transaction_release.exe/$PLUGINSDIR\System.dll   Object was not changed (iChecker)
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_boot_time_monitor_release.exe/AutorunsWrapper.dll
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab/vkhlp.dll
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/toolset.cab
2/2/2013 9:24:48 PM   Archive: NSIS   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_client_transaction_release.exe/uninstall.exe
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_client_transaction_release.exe/uninstall.exe/data0001
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_client_transaction_release.exe/uninstall.exe/$PLUGINSDIR\System.dll   Object was not changed (iChecker)
2/2/2013 9:24:48 PM   Archive: NSIS   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_boot_time_monitor_release.exe/uninstall.exe
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_boot_time_monitor_release.exe/uninstall.exe/data0001
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_boot_time_monitor_release.exe/uninstall.exe/$PLUGINSDIR\System.dll   Object was not changed (iChecker)
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_client_transaction_release.exe/uninstall.exe/#/data0001
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_client_transaction_release.exe/uninstall.exe/#
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_boot_time_monitor_release.exe/uninstall.exe/#/data0001
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_boot_time_monitor_release.exe/uninstall.exe/#
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_client_transaction_release.exe/uninstall.exe
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_client_transaction_release.exe/$PLUGINSDIR\GetVersion.dll   Object was not changed (iChecker)
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_boot_time_monitor_release.exe/uninstall.exe
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_client_transaction_release.exe/#   Object was not changed (iChecker)
2/2/2013 9:24:48 PM   Archive: CAB   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_client_transaction_release.exe/#   Object was not changed (iChecker)
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_boot_time_monitor_release.exe/#   Object was not changed (iChecker)
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmdcsr.dll
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmderd.sys.Vista
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmderd.sys.Win7
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmderd.sys.Win8
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmderd.sys.Xp
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmderd.sys.XpId
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmderd.sys.XpId.32
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmdguard.cat.VistaId
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmdguard.inf.VistaId
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmdguard.inf.Win7Id
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmdGuard.sys.Vista
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_client_transaction_release.exe
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmdGuard.sys.Win7
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmdGuard.sys.Win8
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmdGuard.sys.Win8_WHQL
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmdguard.sys.Win8Id
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmdguard.sys.Win8Id_WHQL
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmdGuard.sys.Xp
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_boot_time_monitor_release.exe
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmdguard.sys.XpId
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmdhlp.inf.VistaId
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmdhlp.inf.Win7Id
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmdhlp.sys.Vista
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmdhlp.sys.Win7
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmdhlp.sys.Win8
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmdhlp.sys.Win8_WHQL
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmdhlp.sys.Win8Id
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmdhlp.sys.Win8Id_WHQL
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmdhlp.sys.Xp
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmdhlp.sys.XpId
2/2/2013 9:24:48 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmdhlp.sys.XpId.32
2/2/2013 9:24:49 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmdkbd32.dll
2/2/2013 9:24:49 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmdkbd64.dll
2/2/2013 9:24:49 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmdvrt32.dll
2/2/2013 9:24:49 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/cmdvrt64.dll
2/2/2013 9:24:49 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/guard32.dll
2/2/2013 9:24:49 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/guard64.dll
2/2/2013 9:24:49 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/inspect.inf.VistaId
2/2/2013 9:24:49 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/inspect.inf.Win7Id
2/2/2013 9:24:49 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/inspect.inf.Win8Id
2/2/2013 9:24:49 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/inspect.inf.Win8Id_WHQL
2/2/2013 9:24:49 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/inspect.inf.XpId
2/2/2013 9:24:49 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/inspect.sys.Vista
2/2/2013 9:24:49 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/inspect.sys.Win7
2/2/2013 9:24:49 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/inspect.sys.Win8
2/2/2013 9:24:49 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/inspect.sys.Win8_WHQL
2/2/2013 9:24:49 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/inspect.sys.Win8Id
2/2/2013 9:24:49 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/inspect.sys.Win8Id_WHQL
2/2/2013 9:24:49 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/inspect.sys.Xp
2/2/2013 9:24:49 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab/inspect.sys.XpId.32
2/2/2013 9:24:49 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/drivers.cab
2/2/2013 9:24:49 PM   Archive: CAB   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab
2/2/2013 9:24:49 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cavshell.arabic.lang
2/2/2013 9:24:49 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cavshell.brazilian.lang
2/2/2013 9:24:49 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cavshell.bulgarian.lang
2/2/2013 9:24:49 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cavshell.chinese.lang
2/2/2013 9:24:49 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cavshell.chinesetraditional.lang
2/2/2013 9:24:49 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cavshell.croatian.lang
2/2/2013 9:24:49 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cavshell.czech.lang
2/2/2013 9:24:49 PM   Archive: NSIS   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_windows_event_monitor_release.exe
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_windows_event_monitor_release.exe/data0001
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cavshell.dutch.lang
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cavshell.english.lang.template
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_windows_event_monitor_release.exe/export.dll
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cavshell.estonian.lang
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\updates\updates.ini
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_windows_event_monitor_release.exe/component.cfg
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cavshell.french.lang
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cavshell.german.lang
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_windows_event_monitor_release.exe/eventmonitorapi.dll
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_windows_event_monitor_release.exe/$PLUGINSDIR\System.dll   Object was not changed (iChecker)
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cavshell.greek.lang
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cavshell.hungarian.lang
2/2/2013 9:24:50 PM   Archive: NSIS   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_windows_event_monitor_release.exe/uninstall.exe
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_windows_event_monitor_release.exe/uninstall.exe/data0001
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cavshell.italian.lang
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_windows_event_monitor_release.exe/uninstall.exe/$PLUGINSDIR\System.dll   Object was not changed (iChecker)
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cavshell.persian.lang
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cavshell.polish.lang
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cavshell.russian.lang
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_windows_event_monitor_release.exe/uninstall.exe/#/data0001
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cavshell.serbian.lang
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_windows_event_monitor_release.exe/uninstall.exe/#
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cavshell.slovak.lang
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_windows_event_monitor_release.exe/uninstall.exe
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cavshell.spanish.lang
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cavshell.swedish.lang
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_windows_event_monitor_release.exe/$PLUGINSDIR\GetVersion.dll   Object was not changed (iChecker)
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cavshell.turkish.lang
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_windows_event_monitor_release.exe/#   Object was not changed (iChecker)
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cavshell.ukrainian.lang
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_windows_event_monitor_release.exe/#   Object was not changed (iChecker)
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cfpconfg.arabic.lang
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\lps4\temp\setup_clps_windows_event_monitor_release.exe
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cfpconfg.brazilian.lang
2/2/2013 9:24:50 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cfpconfg.bulgarian.lang
2/2/2013 9:24:51 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cfpconfg.chinese.lang
2/2/2013 9:24:51 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cfpconfg.chinesetraditional.lang
2/2/2013 9:24:51 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cfpconfg.croatian.lang
2/2/2013 9:24:51 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cfpconfg.czech.lang
2/2/2013 9:24:51 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cfpconfg.dutch.lang
2/2/2013 9:24:51 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cfpconfg.english.lang.template
2/2/2013 9:24:51 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cfpconfg.estonian.lang
2/2/2013 9:24:51 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cfpconfg.french.lang
2/2/2013 9:24:51 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cfpconfg.german.lang
2/2/2013 9:24:51 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cfpconfg.greek.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cfpconfg.hungarian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cfpconfg.italian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cfpconfg.persian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cfpconfg.polish.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cfpconfg.russian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cfpconfg.serbian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cfpconfg.slovak.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cfpconfg.spanish.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cfpconfg.swedish.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cfpconfg.turkish.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cfpconfg.ukrainian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cis.arabic.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cis.brazilian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cis.bulgarian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cis.chinese.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cis.chinesetraditional.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cis.croatian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cis.czech.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cis.dutch.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cis.english.lang.template
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cis.estonian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cis.french.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cis.german.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cis.greek.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cis.hungarian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cis.italian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cis.persian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cis.polish.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cis.russian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cis.serbian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cis.slovak.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cis.spanish.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cis.swedish.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cis.turkish.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cis.ukrainian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cistray.arabic.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cistray.brazilian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cistray.bulgarian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cistray.chinese.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cistray.chinesetraditional.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cistray.croatian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cistray.czech.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cistray.dutch.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cistray.english.lang.template
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cistray.estonian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cistray.french.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cistray.german.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cistray.greek.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cistray.hungarian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cistray.italian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cistray.persian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cistray.polish.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cistray.russian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cistray.serbian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cistray.slovak.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cistray.spanish.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cistray.swedish.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cistray.turkish.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cistray.ukrainian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cmdinstall.1025.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cmdinstall.1026.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cmdinstall.1028.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cmdinstall.1029.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cmdinstall.1031.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cmdinstall.1032.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cmdinstall.1034.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cmdinstall.1036.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cmdinstall.1038.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cmdinstall.1040.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cmdinstall.1043.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cmdinstall.1045.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cmdinstall.1046.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cmdinstall.1049.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cmdinstall.1050.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cmdinstall.1051.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cmdinstall.1053.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cmdinstall.1055.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cmdinstall.1058.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cmdinstall.1061.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cmdinstall.1065.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cmdinstall.2052.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/cmdinstall.3098.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/ComodoInstaller.english.lang.template
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/virtkiosk.arabic.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/virtkiosk.brazilian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/virtkiosk.bulgarian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/virtkiosk.chinese.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/virtkiosk.chinesetraditional.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/virtkiosk.croatian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/virtkiosk.czech.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/virtkiosk.dutch.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/virtkiosk.english.lang.template
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/virtkiosk.estonian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/virtkiosk.french.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/virtkiosk.german.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/virtkiosk.greek.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/virtkiosk.hungarian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/virtkiosk.italian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/virtkiosk.persian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/virtkiosk.polish.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/virtkiosk.russian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/virtkiosk.serbian.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/virtkiosk.slovak.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/virtkiosk.spanish.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/virtkiosk.swedish.lang
2/2/2013 9:24:52 PM   OK   C:\Documents and Settings\All Users\COMODO\Installer\cis_setup_x64.msi/translations.cab/virtki

SuperDave · « **Reply #16 on:** February 04, 2013, 12:10:28 PM »

Ok, what is the status of your computer now?

Valorus · « **Reply #17 on:** February 04, 2013, 03:42:04 PM »

It boots OK, win 7 comes up, I can't enter any commands via the keyboard.
the mouse commands work. Most A/V scanners are removed and those that
are left don't work. Any that update quit halfway through. Right now is an
exception, the key board is working at the moment.
I'm running Eset again on the off chance that I'll be able to copy and send it to you.

SuperDave · « **Reply #18 on:** February 04, 2013, 04:16:26 PM »

Quote

I can't enter any commands via the keyboard.

What does this mean? Please explain.

Quote

Most A/V scanners are removed and those that are left don't work.

You're only suppose to have one AV on your computer. How many do you have?

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

On completion of the scan click save log, save it to your desktop and post in your next reply

Valorus · « **Reply #19 on:** February 05, 2013, 12:15:46 PM »

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-04 14:48:50
-----------------------------
14:48:50.789 OS Version: Windows x64 6.1.7601 Service Pack 1
14:48:50.789 Number of processors: 4 586 0x2A07
14:48:50.789 ComputerName: NORM-MAIN-PC UserName: Norm
14:48:52.521 Initialize success
14:54:58.287 AVAST engine defs: 13020401
14:55:54.283 Verifying
14:56:04.298 Disk 0 Windows 601 MBR fixed successfully
14:56:04.314 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
14:56:04.314 Disk 0 Vendor: ST332082 3.AC Size: 305244MB BusType: 3
14:56:04.314 Disk 0 MBR read successfully
14:56:04.314 Disk 0 MBR scan
14:56:04.329 Disk 0 Windows 7 default MBR code
14:56:04.329 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 99 MB offset 2048
14:56:04.345 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 305142 MB offset 206848
14:56:04.361 Disk 0 scanning C:\Windows\system32\drivers
14:56:11.833 Service scanning
14:56:33.501 Modules scanning
14:56:33.501 Disk 0 trace - called modules:
14:56:33.533 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
14:56:33.548 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007863060]
14:56:33.548 3 CLASSPNP.SYS[fffff88002d6043f] -> nt!IofCallDriver -> [0xfffffa8007170460]
14:56:33.564 5 ACPI.sys[fffff88000f7e7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8007559050]
14:56:34.531 AVAST engine scan C:\Windows
14:56:36.372 AVAST engine scan C:\Windows\system32
14:57:56.291 AVAST engine scan C:\Windows\system32\drivers
14:58:03.311 AVAST engine scan C:\Users\Norm
14:58:16.306 AVAST engine scan C:\ProgramData
14:59:18.347 Scan finished successfully
14:59:27.052 Disk 0 MBR has been saved successfully to "C:\Users\Norm\Documents\MBR.dat"
14:59:27.052 The log file has been saved successfully to "C:\Users\Norm\Documents\aswMBR.txt"

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-05 11:11:37
-----------------------------
11:11:37.764 OS Version: Windows x64 6.1.7601 Service Pack 1
11:11:37.764 Number of processors: 4 586 0x2A07
11:11:37.764 ComputerName: NORM-MAIN-PC UserName: Norm
11:11:38.841 Initialize success
11:11:47.467 AVAST engine defs: 13020401
11:11:53.520 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
11:11:53.520 Disk 0 Vendor: ST332082 3.AC Size: 305244MB BusType: 3
11:11:53.536 Disk 0 MBR read successfully
11:11:53.536 Disk 0 MBR scan
11:11:53.551 Disk 0 Windows 7 default MBR code
11:11:53.551 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 99 MB offset 2048
11:11:53.567 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 305142 MB offset 206848
11:11:53.583 Disk 0 scanning C:\Windows\system32\drivers
11:11:59.760 Service scanning
11:12:15.142 Service TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe **HIDDEN**
11:12:18.792 Modules scanning
11:12:18.792 Disk 0 trace - called modules:
11:12:18.808 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
11:12:18.823 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007889060]
11:12:18.823 3 CLASSPNP.SYS[fffff88000dcb43f] -> nt!IofCallDriver -> [0xfffffa800758cc80]
11:12:18.823 5 ACPI.sys[fffff88000f5f7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8007589050]
11:12:19.650 AVAST engine scan C:\Windows
11:12:21.663 AVAST engine scan C:\Windows\system32
11:14:00.567 AVAST engine scan C:\Windows\system32\drivers
11:14:06.464 AVAST engine scan C:\Users\Norm
11:14:29.318 AVAST engine scan C:\ProgramData
11:14:46.493 Scan finished successfully
11:15:10.564 Disk 0 MBR has been saved successfully to "C:\Users\Norm\Documents\MBR.dat"
11:15:10.564 The log file has been saved successfully to "C:\Users\Norm\Documents\aswMBR.txt"

SuperDave · « **Reply #20 on:** February 05, 2013, 12:18:17 PM »

Please answer the two questions I asked you in my previous reply.

Valorus · « **Reply #21 on:** February 05, 2013, 12:25:17 PM »

The keyboard is disabled, only the virtual works occasionally.

I have removed all the other A/V and scanners.

SuperDave · « **Reply #22 on:** February 05, 2013, 04:46:01 PM »

Quote from: Valorus on February 05, 2013, 12:25:17 PM

The keyboard is disabled, only the virtual works occasionally.

I have removed all the other A/V and scanners.

Did you try another keyboard?

Valorus · « **Reply #23 on:** February 06, 2013, 07:46:31 AM »

Yes I did, Dave. I tried a brand new one, fresh out of the box.

SuperDave · « **Reply #24 on:** February 06, 2013, 12:25:27 PM »

Will your keyboard work in Safe Mode?

Valorus · « **Reply #25 on:** February 06, 2013, 03:53:33 PM »

Only occasionally, old or new keyboard.

SuperDave · « **Reply #26 on:** February 07, 2013, 12:09:47 PM »

Is this a USB keyboard?

Valorus · « **Reply #27 on:** February 07, 2013, 08:15:45 PM »

Yes it is, and USB keyboard is set to on in the BIOS.

SuperDave · « **Reply #28 on:** February 08, 2013, 11:48:48 AM »

I'm puzzled. This looks like a hardware problem.

Valorus · « **Reply #29 on:** February 08, 2013, 01:40:27 PM »

It could be, Dave but this desktop is new and all of the external devices seem to work on other computers.
This HDD was cleaned, but I'm beginning to wonder if the system reserved partition is at fault. I have the
mfgr. software to clean it and replace the boot info, so I think I'll try that.
Meanwhile, thanks for your help, you've pointed me in the right direction several times. I'll let you know how things
turn out.

Valorus · « **Reply #30 on:** February 13, 2013, 02:18:59 PM »

Hi Dave,

Before I cleaned this computer, it reported "Kaspersky database corrupted" for any Kaspersky utility.
When I opened most other programs the dialog box came up "Not support this platform", the keyboard
was disabled and "Windows security can't be started" came up.
I cleaned the HDD with Eraser and used a partition program to delete System reserved partition and
reinstall the boot information. Installed win 7 and A/V three days ago and haven't seen anything that
isn't operating properly. Thanks again for all your help.

SuperDave · « **Reply #31 on:** February 13, 2013, 04:55:17 PM »

It's too bad you had to resort to a re-format but now you have a new computer. Good luck.

kbit · « **Reply #32 on:** February 27, 2013, 12:30:05 PM »

I'm surprised no one mentioned NTFS error 55 from second post .

http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows+Operating+System&ProdVer=5.2.3790.1830&EvtID=55&EvtSrc=ntfs&LCID=1033

File system corrupt , chkdsk /r , likely would have fixed you right up , as the reformat seems to have done. Likely no virus or malware to begin with!

Computer Hope Forum

News:

Author Topic: I guess I don't know how to clean a HDD after all. (Read 25741 times)

Valorus

Valorus

SuperDave

Valorus

SuperDave

Valorus

SuperDave

Valorus

SuperDave

Valorus

Valorus

SuperDave

Valorus

SuperDave

Valorus

Valorus

SuperDave

Valorus

SuperDave

Valorus

SuperDave

Valorus

SuperDave

Valorus

SuperDave

Valorus

SuperDave

Valorus

SuperDave

Valorus

Valorus

SuperDave

kbit