1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

event id7026:

Discussion in 'Virus & Other Malware Removal' started by heffiji, Jan 1, 2013.

Thread Status:
Not open for further replies.
Advertisement
  1. heffiji

    heffiji Thread Starter

    Joined:
    Sep 9, 2012
    Messages:
    13
    The event log displays the following error message every time the system starts a cold boot:

    Event ID: 7026
    The following boot-start or system-start driver(s) failed to load: rqkdql.

    Any suggestion to solve this problem will be much appreciated.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i5-2310 CPU @ 2.90GHz, Intel64 Family 6 Model 42 Stepping 7
    Processor Count: 4
    RAM: 4078 Mb
    Graphics Card: NVIDIA GeForce GTX 650 Ti, 1024 Mb
    Hard Drives: C: Total - 61439 MB, Free - 40938 MB; D: Total - 61438 MB, Free - 40781 MB; E: Total - 204799 MB, Free - 128041 MB; F: Total - 665599 MB, Free - 229697 MB; G: Total - 614399 MB, Free - 249152 MB; H: Total - 300043 MB, Free - 44738 MB;
    Motherboard: Dell Inc., 0Y2MRG
    Antivirus: COMODO Antivirus, Disabled, AVIRA Enabled
     
  2. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Hi and Happy New Year. As far as I can tell rqkdql is not a recognized file.

    Your information log shows you have two Anti Virus programs installed, one of them needs to be completely uninstalled. More than one Anti Virus program can cause conflicts, poor system performance and reduce system security.

    Please run the following scan:

    1. Download Malwarebytes Anti-Rootkit from this link mbar
    2. Unzip the File to a convenient location. (Recommend the Desktop)
    3. Open the folder where the contents were unzipped to run mbar.exe

    [​IMG]

    4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

    [​IMG]

    5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

    6. The following image opens, select Next.

    [​IMG]

    7. The following image opens, select Update

    [​IMG]

    8. When the Update completes, select Next

    [​IMG]

    9. In the following window ensure "Targets" are ticked. Then select "Scan"

    [​IMG]

    10. If an infection/s is found the "Cleanup Button" to remove threats will be available. A list of infected files will be listed like the following example:

    [​IMG]

    11. Do not select the "Clean up Button" select the "Exit" button, there will be a warning as follows:

    [​IMG]

    12. Select "Yes" to close down the program. If NO infections were found you will see the following image:

    [​IMG]

    13. Select "Exit" to close down.
    14. Copy and paste the two following logs from the mbar folder:

    System - log
    Mbar - log Date and time of scan will also be shown

    [​IMG]
     
  3. heffiji

    heffiji Thread Starter

    Joined:
    Sep 9, 2012
    Messages:
    13
    Happy New Year! Thanks for your reply

    1. I also wonder what this rqkdql is. This does sound like something vicious to me.
    2. I have disabled the Comodo Antivirus and only used it when needed. Is this OK?

    Here are the logs:
    mbar-log-2013-01-02 (09-24-07).txt
    Malwarebytes Anti-Rootkit 1.01.0.1011
    www.malwarebytes.org

    Database version: v2013.01.01.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    heffiji :: HEFFIJI-PC [administrator]

    1/2/2013 9:24:07 AM
    mbar-log-2013-01-02 (09-24-07).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 28630
    Time elapsed: 5 minute(s), 26 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    =========================================
    system-log.txt

    Malwarebytes Anti-Rootkit BETA 1.01.0.1011

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED
    CPU speed: 2.893000 GHz
    Memory total: 4276572160, free: 2723835904

    ------------ Kernel report ------------
    01/02/2013 09:18:07
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\vmbus.sys
    \SystemRoot\system32\drivers\winhv.sys
    \SystemRoot\system32\DRIVERS\iaStor.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\msahci.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\vmstorfl.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\System32\DRIVERS\cmderd.sys
    \SystemRoot\system32\drivers\cdrom.sys
    \SystemRoot\system32\DRIVERS\cmdguard.sys
    \SystemRoot\SysWOW64\WinFLAdrv.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\System32\DRIVERS\cmdhlp.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\inspect.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \??\D:\web\security\SUPERAntiSpyware\SASKUTIL64.SYS
    \??\D:\web\security\SUPERAntiSpyware\SASDIFSV64.SYS
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \??\C:\Windows\system32\drivers\HWiNFO64A.SYS
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\system32\drivers\csc.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\avkmgr.sys
    \SystemRoot\system32\DRIVERS\avipbb.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\HECIx64.sys
    \SystemRoot\system32\drivers\usbehci.sys
    \SystemRoot\system32\drivers\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\k57nd60a.sys
    \SystemRoot\system32\drivers\cmudaxp.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\rdpbus.sys
    \SystemRoot\system32\drivers\kbdclass.sys
    \SystemRoot\system32\drivers\mouclass.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\hidusb.sys
    \SystemRoot\system32\drivers\HIDCLASS.SYS
    \SystemRoot\system32\drivers\HIDPARSE.SYS
    \SystemRoot\system32\drivers\USBD.SYS
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\drivers\kbdhid.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\avgntflt.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \??\C:\Windows\SysWow64\WinVDEdrv6.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \??\C:\Windows\SysWow64\WinVDEdrv.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \??\D:\admin\tuning\TuneUp Utilities\TuneUpUtilitiesDriver64.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8006991060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa80043e5050
    Lower Device Driver Name: \Driver\iaStor\
    Driver name found: iaStor
    DriverEntry returned 0x0
    Function returned 0x0
    Downloaded database version: v2013.01.01.04
    Downloaded database version: v2012.12.27.02
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8006991060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8006991b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8006991060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80043e5050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Upper DeviceData: 0xfffff8a0028cb880, 0xfffffa8006991060, 0xfffffa8006d9f090
    Lower DeviceData: 0xfffff8a008362620, 0xfffffa80043e5050, 0xfffffa800697e8b0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 201C4

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 125829120

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 125831168 Numsec = 125827072
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 251660288 Numsec = 419430400

    Partition 3 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 671090688 Numsec = 3235936256

    Disk Size: 2000398934016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-3907009168-3907029168)...
    Done!
    Performing system, memory and registry scan...
    <<<2>>>
    Device number: 0, partition: 3
    <<<3>>>
    Volume: E:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Scan finished
    =======================================
     
  4. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Even with Comodo Anti Virus disabled it may still have drivers running in the background so I would advise you to uninstall it.

    The Mbar logs have come up clean, but we need to check that suspicious file.


    Please go Here and follow the instructions to run DDS, then Copy and Paste both the logs into your next reply.


    Please download SystemLook from one of the links below and save it to your Desktop.



    • Double-click SystemLook.exe to run it.
    • Vista/Windows 7 users right-click and select Run As Administrator.
    • Copy and paste everything in the codebox below into the main textfield:
      Code:
      :filefind
      *rqkdql*
    • Click the Look button to start the scan.
    • When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
    • Please copy and paste the contents of that log in your next reply.
     
  5. heffiji

    heffiji Thread Starter

    Joined:
    Sep 9, 2012
    Messages:
    13
    Thanks. Here is the log

    SystemLook 30.07.11 by jpshortstuff
    Log created at 20:40 on 02/01/2013 by heffiji
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*rqkdql*"
    No files found.

    -= EOF =-
     
  6. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Did you miss my request for the DDS logs? They should show where that file is located.
     
  7. heffiji

    heffiji Thread Starter

    Joined:
    Sep 9, 2012
    Messages:
    13
    sorry. i miss the dds logs. This will take another day as I need to backup before going there.
     
  8. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    DDS is a non-intrusive scanning tool so will not pose any risk to your personal files, but keeping your back ups up to date is always a wise thing to do.
     
  9. heffiji

    heffiji Thread Starter

    Joined:
    Sep 9, 2012
    Messages:
    13
    hi
    thanks again. here are the logs:

    Hijackthis
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:24:58 AM, on 1/3/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Windows\SysWOW64\HsMgr.exe
    D:\admin\monitor\AnVir Task Manager\AnVir.exe
    D:\utilities\desktop\enhancement\Wallpaper Master\Wallpaper.exe
    D:\utilities\tool\Workrave\lib\Workrave.exe
    C:\Windows\SysWOW64\WinFLTray.exe
    C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\ASUSAUDIOCENTER.EXE
    D:\utilities\desktop\dual monitor\Actual Window Manager\ActualWindowManagerCenter.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    D:\utilities\desktop\enhancement\FileBX\Fbx32helper.exe
    D:\admin\monitor\WinPatrol\WinPatrol.exe
    D:\multimedia\player\RadioSure\RadioSure.exe
    D:\web\finance\MIE\MIE.exe
    D:\utilities\file tool\xyplorer\XYplorer.exe
    C:\Users\heffiji\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://accounts.google.com/Service...le.com/mail/&scc=1&ltmpl=default&ltmplcache=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [WinPatrol] D:\admin\monitor\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [AnVir Task Manager] "D:\admin\monitor\AnVir Task Manager\anvir.exe" Minimized
    O4 - HKCU\..\Run: [Rainlendar2] D:\utilities\desktop\enhancement\Rainlendar2\Rainlendar2.exe
    O4 - HKCU\..\Run: [Desktop Wallpaper Changer] D:\utilities\desktop\enhancement\Wallpaper Master\Wallpaper.exe
    O4 - HKCU\..\Run: [Workrave] D:\utilities\tool\Workrave\lib\workrave.exe
    O4 - HKCU\..\Run: [DS Clock] "D:\utilities\desktop\enhancement\DS Clock\DSClock.exe"
    O4 - HKCU\..\Run: [WinFLTray] C:\Windows\SysWow64\WinFLTray.exe
    O4 - HKCU\..\Run: [FLBackup] D:\utilities\file tool\NewSoftware's\Folder Lock\FLComServCtrl.exe
    O4 - HKCU\..\Run: [Actual Window Manager] "D:\utilities\desktop\dual monitor\Actual Window Manager\ActualWindowManagerCenter.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
    O4 - Startup: Directory Opus (Startup).lnk = D:\utilities\file tool\Directory Opus\dopus.exe
    O4 - Startup: ERUNT AutoBackup.lnk = D:\admin\monitor\ERUNT\AUTOBACK.EXE
    O4 - Global Startup: FileBox eXtender.lnk = D:\utilities\desktop\enhancement\FileBX\FileBX.exe
    O8 - Extra context menu item: En&queue current page with BID - file://D:\web\utilities\Bulk Image Downloader\iemenu\iebidqueue.htm
    O8 - Extra context menu item: Enqueue link tar&get with BID - file://D:\web\utilities\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
    O8 - Extra context menu item: Open &link target with BID - file://D:\web\utilities\Bulk Image Downloader\iemenu\iebidlink.htm
    O8 - Extra context menu item: Open current page with BI&D - file://D:\web\utilities\Bulk Image Downloader\iemenu\iebid.htm
    O8 - Extra context menu item: Open current page with BID Link Explorer - file://D:\web\utilities\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AD1BD1EA-0E07-49BA-B40B-B7B69E425895}: NameServer = 8.8.8.8,8.8.4.4
    O20 - AppInit_DLLs:
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - D:\web\security\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
    O23 - Service: DockLoginService - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: DSClockSyncTime - Duality Software - D:\utilities\desktop\enhancement\DS Clock\dsetime.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: FLService - New Softwares.net - C:\Windows\SysWow64\WinFLService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - D:\admin\maintenance\OO Software\Defrag\oodag.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Macrium Reflect Image Mounting Service (ReflectService.exe) - Unknown owner - D:\admin\data recovery\Macrium\Reflect\ReflectService.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\admin\tuning\TuneUp Utilities\TuneUpUtilitiesService64.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    --
    End of file - 9087 bytes


    dds.log
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2
    Run by heffiji at 10:30:12 on 2013-01-03
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4078.2492 [GMT 8:00]
    .
    AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
    AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: COMODO Antivirus *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
    FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\SysWOW64\HsMgr.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system\HsMgr64.exe
    D:\admin\monitor\Process Lasso\processgovernor.exe
    D:\admin\monitor\Process Lasso\processlasso.exe
    D:\web\security\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Windows\SysWow64\WinFLService.exe
    D:\admin\maintenance\OO Software\Defrag\oodag.exe
    D:\utilities\desktop\launcher\SE-TrayMenu\SE-TrayMenu.exe
    C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
    D:\admin\monitor\AnVir Task Manager\AnVir.exe
    D:\utilities\desktop\enhancement\Rainlendar2\Rainlendar2.exe
    D:\utilities\desktop\enhancement\Wallpaper Master\Wallpaper.exe
    D:\utilities\tool\Workrave\lib\Workrave.exe
    D:\utilities\desktop\enhancement\DS Clock\dsclock.exe
    C:\Windows\SysWOW64\WinFLTray.exe
    C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\ASUSAUDIOCENTER.EXE
    D:\admin\data recovery\Macrium\Reflect\ReflectService.exe
    D:\admin\tuning\TuneUp Utilities\TuneUpUtilitiesService64.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    D:\utilities\desktop\dual monitor\Actual Window Manager\ActualWindowManagerCenter.exe
    D:\utilities\desktop\enhancement\FileBX\FileBX.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    D:\admin\tuning\TuneUp Utilities\TuneUpUtilitiesApp64.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    D:\utilities\file tool\Directory Opus\dopus.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    D:\utilities\desktop\dual monitor\Actual Window Manager\ActualWindowManagerCenter64.exe
    D:\utilities\desktop\enhancement\FileBX\Fbx32helper.exe
    C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    D:\admin\monitor\WinPatrol\WinPatrol.exe
    D:\multimedia\player\RadioSure\RadioSure.exe
    D:\web\security\SuperAntispyware\SUPERAntiSpyware.exe
    D:\web\finance\MIE\MIE.exe
    D:\utilities\file tool\xyplorer\XYplorer.exe
    D:\web\browser\Mozilla Firefox\firefox.exe
    D:\web\browser\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2
    uSearch Bar = Preserve
    mWinlogon: Userinit = userinit.exe
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [AnVir Task Manager] "D:\admin\monitor\AnVir Task Manager\anvir.exe" Minimized
    uRun: [Rainlendar2] D:\utilities\desktop\enhancement\Rainlendar2\Rainlendar2.exe
    uRun: [Desktop Wallpaper Changer] D:\utilities\desktop\enhancement\Wallpaper Master\Wallpaper.exe
    uRun: [Workrave] D:\utilities\tool\Workrave\lib\workrave.exe
    uRun: [DS Clock] "D:\utilities\desktop\enhancement\DS Clock\DSClock.exe"
    uRun: [WinFLTray] C:\Windows\SysWow64\WinFLTray.exe
    uRun: [FLBackup] D:\utilities\file tool\NewSoftware's\Folder Lock\FLComServCtrl.exe
    uRun: [Actual Window Manager] "D:\utilities\desktop\dual monitor\Actual Window Manager\ActualWindowManagerCenter.exe"
    mRun: [WinPatrol] D:\admin\monitor\WinPatrol\winpatrol.exe -expressboot
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    StartupFolder: C:\Users\heffiji\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
    StartupFolder: C:\Users\heffiji\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Directory Opus (Startup).lnk - D:\utilities\file tool\Directory Opus\dopus.exe
    StartupFolder: C:\Users\heffiji\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - D:\admin\monitor\ERUNT\AUTOBACK.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FILEBO~1.LNK - D:\utilities\desktop\enhancement\FileBX\FileBX.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: EnableShellExecuteHooks = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: En&queue current page with BID - D:\web\utilities\Bulk Image Downloader\iemenu\iebidqueue.htm
    IE: Enqueue link tar&get with BID - D:\web\utilities\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
    IE: Open &link target with BID - D:\web\utilities\Bulk Image Downloader\iemenu\iebidlink.htm
    IE: Open current page with BI&D - D:\web\utilities\Bulk Image Downloader\iemenu\iebid.htm
    IE: Open current page with BID Link Explorer - D:\web\utilities\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
    TCP: NameServer = 192.168.8.1
    TCP: Interfaces\{AD1BD1EA-0E07-49BA-B40B-B7B69E425895} : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{AD1BD1EA-0E07-49BA-B40B-B7B69E425895} : DHCPNameServer = 192.168.8.1
    AppInit_DLLs=
    SSODL: WebCheck - <orphaned>
    SEH: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - D:\utilities\file tool\Directory Opus\dopuslib32.dll
    x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
    x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke
    x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke
    x64-Run: [WinPatrol] D:\admin\monitor\WinPatrol\WinPatrol.exe -expressboot
    x64-Run: [SE-TrayMenu] D:\utilities\desktop\launcher\SE-TrayMenu\SE-TrayMenu.exe
    x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - D:\utilities\file tool\Directory Opus\dopuslib.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\heffiji\AppData\Roaming\Mozilla\Firefox\Profiles\zw1h0tjg.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
    FF - plugin: D:\office\reader\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-10-28 27800]
    R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2012-12-14 23328]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2012-12-14 697960]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2012-12-14 48512]
    R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\System32\drivers\HWiNFO64A.SYS [2012-12-29 29672]
    R1 SASDIFSV;SASDIFSV;D:\web\security\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
    R1 SASKUTIL;SASKUTIL;D:\web\security\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
    R2 !SASCORE;SAS Core Service;D:\web\security\SUPERAntiSpyware\SASCore64.exe [2012-7-12 140672]
    R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-10-28 85280]
    R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-10-28 109344]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-10-28 99912]
    R2 FLService;FLService;C:\Windows\SysWOW64\WinFLService.exe [2012-12-25 92360]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-10-27 13632]
    R2 NEWDRIVER;NEWDRIVER;C:\Windows\SysWOW64\WinVDEdrv6.sys [2012-12-25 197648]
    R2 OODefragAgent;O&O Defrag;D:\admin\maintenance\OO Software\Defrag\oodag.exe [2012-11-30 3293552]
    R2 ReflectService.exe;Macrium Reflect Image Mounting Service;D:\admin\data recovery\Macrium\Reflect\ReflectService.exe [2012-12-10 301760]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;D:\admin\tuning\TuneUp Utilities\TuneUpUtilitiesService64.exe [2012-11-29 2401632]
    R2 WinVDEDrv;WinVDEDrv;C:\Windows\SysWOW64\WinVDEdrv.sys [2012-12-25 225680]
    R3 cmudaxp;ASUS Xonar Essence STX Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2011-7-9 2725376]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2012-10-24 425000]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;D:\admin\tuning\TuneUp Utilities\TuneUpUtilitiesDriver64.sys [2012-11-16 11880]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2012-12-14 158928]
    S3 DockLoginService;DockLoginService;C:\Program Files\Dell\DellDock\DockLogin.exe [2010-1-12 155648]
    S3 DSClockSyncTime;DSClockSyncTime;D:\utilities\desktop\enhancement\DS Clock\dsetime.exe [2012-11-1 62264]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-27 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-27 57856]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-27 1255736]
    S4 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: emeditor.txt="D:\office\note\EmEditor\EMEDITOR.EXE" "%1"
    .
    =============== Created Last 30 ================
    .
    2013-01-02 04:30:18 -------- d-----w- C:\Users\heffiji\AppData\Roaming\EurekaLog
    2012-12-29 11:44:07 29672 ----a-w- C:\Windows\System32\drivers\HWiNFO64A.SYS
    2012-12-29 00:29:55 -------- d-----w- C:\Users\heffiji\AppData\Roaming\MatSpoon
    2012-12-25 07:40:45 -------- d-----w- C:\Users\heffiji\AppData\Roaming\The Journal 6
    2012-12-25 07:40:45 -------- d-----w- C:\Users\heffiji\AppData\Local\The Journal 6
    2012-12-25 07:40:45 -------- d-----w- C:\ProgramData\The Journal
    2012-12-25 05:04:50 -------- d-----w- C:\Users\heffiji\AppData\Roaming\Actual Tools
    2012-12-25 04:53:23 34816 ----a-w- C:\Windows\SysWow64\WinFLAdrv.sys
    2012-12-25 04:53:22 197648 ----a-w- C:\Windows\SysWow64\WinVDEdrv6.sys
    2012-12-25 04:53:21 225680 ----a-w- C:\Windows\SysWow64\WinVDEdrv.sys
    2012-12-25 04:53:08 92360 ----a-w- C:\Windows\SysWow64\WinFLService.exe
    2012-12-25 04:53:07 14024 ----a-w- C:\Windows\SysWow64\WinFLMsgService.exe
    2012-12-25 04:53:06 40960 ----a-w- C:\Windows\SysWow64\nwsftUninstall.exe
    2012-12-25 04:53:05 321736 ----a-w- C:\Windows\SysWow64\WinFLTray.exe
    2012-12-25 04:53:04 321736 ----a-w- C:\Windows\SysWow64\WinFLTrayShred.exe
    2012-12-25 04:49:11 -------- d-----w- C:\Users\heffiji\AppData\Local\GPSoftware
    2012-12-25 04:48:23 -------- d-----w- C:\Windows\System32\inf32
    2012-12-25 04:48:23 -------- d-----w- C:\Users\heffiji\AppData\Roaming\GPSoftware
    2012-12-25 04:45:36 -------- d-----w- C:\ProgramData\GPSoftware
    2012-12-24 23:46:57 -------- d-----w- C:\Windows\System32\oodag
    2012-12-24 23:46:02 -------- d-----w- C:\Users\heffiji\AppData\Local\O&O
    2012-12-24 17:22:58 -------- d-----w- C:\Users\heffiji\AppData\Roaming\Duality Software
    2012-12-23 06:16:13 -------- d-----w- C:\ProgramData\Duality Software
    2012-12-23 04:12:00 -------- d-----w- C:\Users\heffiji\AppData\Local\Google
    2012-12-23 04:07:04 -------- d-----w- C:\Users\heffiji\AppData\Roaming\calibre
    2012-12-23 03:57:52 -------- d-----w- C:\Users\heffiji\AppData\Roaming\Foxit Reader
    2012-12-23 03:41:18 34656 ----a-w- C:\Windows\System32\TURegOpt.exe
    2012-12-23 03:41:17 25952 ----a-w- C:\Windows\System32\authuitu.dll
    2012-12-23 03:41:17 21344 ----a-w- C:\Windows\SysWow64\authuitu.dll
    2012-12-23 03:39:39 -------- d-sh--w- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
    2012-12-23 03:33:34 95184 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-12-23 03:31:01 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
    2012-12-23 02:45:05 9728 ----a-w- C:\Windows\System32\Wdfres.dll
    2012-12-23 02:45:05 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
    2012-12-23 02:45:05 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
    2012-12-23 02:45:05 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2012-12-23 02:39:58 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
    2012-12-23 02:33:07 -------- d-----w- C:\Users\heffiji\AppData\Local\Programs
    2012-12-23 02:16:02 -------- d-s---w- C:\ProgramData\Shared Space
    2012-12-23 02:14:26 -------- d-----w- C:\Program Files\COMODO
    2012-12-23 02:14:06 -------- d-----w- C:\ProgramData\Comodo
    2012-12-23 02:09:18 -------- d-----w- C:\ProgramData\Comodo Downloader
    2012-12-23 02:03:34 -------- d-----w- C:\Users\heffiji\.rainlendar2
    2012-12-14 12:45:44 697960 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
    2012-12-14 12:45:44 48512 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
    2012-12-14 12:45:42 23328 ----a-w- C:\Windows\System32\drivers\cmderd.sys
    2012-12-14 12:45:32 42856 ----a-w- C:\Windows\System32\cmdcsr.dll
    2012-12-14 12:45:30 453808 ----a-w- C:\Windows\System32\guard64.dll
    2012-12-14 12:45:30 350272 ----a-w- C:\Windows\SysWow64\guard32.dll
    2012-12-14 12:45:20 321744 ----a-w- C:\Windows\System32\cmdvrt64.dll
    2012-12-14 12:45:14 260304 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll
    2012-12-10 11:12:14 13504 ----a-w- C:\Windows\System32\drivers\PSVolAcc.sys
    2012-12-10 11:11:52 57024 ----a-w- C:\Windows\System32\drivers\psmounterex.sys
    .
    ==================== Find3M ====================
    .
    2012-12-23 03:33:30 779704 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-12-23 03:10:10 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-23 03:10:10 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-23 02:43:43 99912 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-14 08:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-12-01 05:49:26 3663213 ----a-w- C:\Windows\System32\nvcoproc.bin
    2012-12-01 05:49:25 63336 ----a-w- C:\Windows\System32\nvshext.dll
    2012-12-01 05:49:25 118120 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-12-01 05:49:24 890216 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-12-01 05:48:41 6223208 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-12-01 05:48:37 3311464 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-11-30 10:58:38 352112 ----a-w- C:\Windows\System32\oodbs.exe
    2012-11-30 10:57:46 10096 ----a-w- C:\Windows\System32\oodbsrs.dll
    2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-10-28 06:24:17 22 --sha-w- C:\Windows\90C7D912BE2316.sys
    2012-10-28 06:24:17 22 --sha-w- C:\Users\heffiji\AppData\Roaming\Windows1569_SettingsRepository.bin
    2012-10-27 11:02:31 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2012-10-27 11:02:31 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2012-10-27 09:00:29 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-10-27 05:57:21 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2012-10-27 05:57:21 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2012-10-27 05:12:17 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
    2012-10-27 05:12:17 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2012-10-27 05:12:17 111616 ----a-w- C:\Windows\System32\OpenAL32.dll
    2012-10-27 05:12:17 102400 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2012-10-26 08:44:31 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
    2012-10-24 19:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-10-24 19:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
    .
    ============= FINISH: 10:30:40.07 ===============
     
  10. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    I can see you still have Comodo installed despite the advice I gave. But, as I can now see that Comodo also has a Firewall component you would be better protected if you uninstall Avira and enable Comodo's Anti Virus.

    Still no sign of that suspicious file. But, it should show up in the Event logs that are in the other log produced by DDS which you failed to post. It is called Attach.txt and should be saved on your desktop, please post it in your next reply.
     
  11. heffiji

    heffiji Thread Starter

    Joined:
    Sep 9, 2012
    Messages:
    13
    I will uninstall the avira during the weekend. I am a bit worried about the comodo antivirus , but using their firewall. I am a bit hesitating to uninstall it without giving thoughts to a fall-back plan. I assume I also need to remove the malwarebyte anti-malware, or should I?

    I really appreciate your effort.
    here is the log:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/27/2012 1:00:45 PM
    System Uptime: 1/3/2013 5:11:04 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0Y2MRG
    Processor: Intel(R) Core(TM) i5-2310 CPU @ 2.90GHz | CPU 1 | 2901/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 60 GiB total, 39.675 GiB free.
    D: is FIXED (NTFS) - 60 GiB total, 39.805 GiB free.
    E: is FIXED (NTFS) - 200 GiB total, 123.608 GiB free.
    F: is FIXED (NTFS) - 650 GiB total, 220.274 GiB free.
    G: is FIXED (NTFS) - 600 GiB total, 242.778 GiB free.
    H: is FIXED (NTFS) - 293 GiB total, 43.69 GiB free.
    I: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Description: High Definition Audio Device
    Device ID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0041&SUBSYS_14622806&REV_1001\5&248BBD60&0&0001
    Manufacturer: Microsoft
    Name: High Definition Audio Device
    PNP Device ID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0041&SUBSYS_14622806&REV_1001\5&248BBD60&0&0001
    Service: HdAudAddService
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    AASTOCKS MIE
    AC3Filter 2.5b
    ACDSee Pro 4
    Actual Window Manager 6.7.2
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    AIMP3
    AnVir Task Manager
    Apple Application Support
    Apple Software Update
    ASUS Xonar Essence STX Audio Driver
    Avira Free Antivirus
    Bass Audio Decoder (remove only)
    calibre
    CCleaner
    CD Audio Reader Filter (remove only)
    Civilization III
    Civilization III: Conquests
    CleanMem
    COMODO Internet Security
    DCoder Image Source (remove only)
    Dell Dock
    DirectVobSub (remove only)
    DS Clock
    DScaler 5 Mpeg Decoders
    EmEditor Professional (64-bit)
    ERUNT 1.1j
    ffdshow v1.2.4453 [2012-05-21]
    FFMPEG Core Files (remove only)
    FileBox eXtender
    Foxit PhantomPDF
    Gabest MPEG Splitter (remove only)
    Google Chrome
    Google Update Helper
    GPSoftware Directory Opus
    Haali Media Splitter
    Intel(R) Rapid Storage Technology
    Java 7 Update 10
    Java Auto Updater
    jv16 PowerTools 2012
    LAV Filters 0.54.1
    Macrium Reflect Free Edition
    MadVR (remove only)
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 4 Client Profile
    Microsoft Baseline Security Analyzer 2.2
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 17.0.1 (x86 en-US)
    Mozilla Maintenance Service
    NVIDIA Control Panel 310.70
    NVIDIA Graphics Driver 310.70
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.1031
    O&O Defrag Professional
    OpenAL
    OpenSource AVI Splitter (remove only)
    OpenSource DTS/AC3/DD+ Source Filter (remove only)
    OpenSource Flash Video Splitter (remove only)
    Paint.NET v3.5.10
    Process Lasso
    QuickTime
    RealPlayer
    ReClock
    Sid Meier's Civilization 4
    Sid Meier's Civilization 4 - Beyond the Sword
    Sid Meier's Civilization IV Colonization
    SUPERAntiSpyware
    Tag&Rename 3.3
    The Journal 6
    The Ultimate Troubleshooter
    TuneUp Utilities 2013
    TuneUp Utilities Language Pack (en-US)
    Unlocker 1.9.1-x64
    Windows Media Player Firefox Plugin
    WinPatrol
    WinRAR 4.01 (64-bit)
    Workrave 1.9.4
    Zoom Player (remove only)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/3/2013 5:11:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: rqkdql
    1/3/2013 5:10:38 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TuneUp.UtilitiesSvc service.
    1/2/2013 12:32:47 PM, Error: Service Control Manager [7034] - The TuneUp Utilities Service service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
     
  12. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    One solution with your concerns over your Anti Virus situation is to uninstall the Full Comodo Firewall/Anti Virus and then install just the Comodo Free Firewall and continue to use Avira. As for fallback plans there are several other good recommendable Anti Virus programs that are all free, including Avast and the one I would highly recommend Microsoft Security Essentials.

    As for Malwarebytes, it is designed to compliment any Anti Virus program so you should keep it.

    The log shows the error with that mystery file but no location.

    The log also shows you have no Restore Points, have you turned off System Restore, that could leave you having to do a clean install in some situations if something goes wrong that would be easily fixed with System Restore. It is a worthwhile safeguard to keep it turned on.

    I see you have TuneUp Utilities, any third party software that promises to tune up your PC can often cause more problems than they fix. You will not find any of the experts here that will say anything different, there is no PC Optimizer tool that can be recommended and we often see systems corrupted by their use. It also appears to be showing an error in the logs so I would recommend you remove it.

    I am now beginning to wonder if rqkdql relates to a program that you may have uninstalled or possibly an infection that has been removed. As the error says it failed to load it it may not be there but there is still a registry entry that is calling it. We will do another scan now that may show us something new as it scans deeper into the system.

    EDIT: I just did a bit more searching to try and find what that mystery file may belong to and it could be AVG Anti Virus, have you ever had it installed and if so what version?

    Please also run SystemLook again as follows:


    • Double-click SystemLook.exe to run it.
    • Vista/Windows 7 users right-click and select Run As Administrator.
    • Copy and paste everything in the codebox below into the main textfield:
      Code:
      :dir
      *rqkdql*
      :file
      *rqkdql*
      :reg
      *rqkdql*
      :service
      *rqkdql*
      :process
      *rqkdql*
      :filefind
      *rqkdql*
      :folderfind
      *rqkdql*
      :regfind
      *rqkdql*
      
    • Click the Look button to start the scan.
    • When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
    • Please copy and paste the contents of that log in your next reply.



    ================================================================

    STEP 1
    NOTE: If you have already used Combofix please delete the icon from your desktop.

    • Please download DeFogger and save it to your desktop.
    • Once downloaded, double-click on the DeFogger icon to start the tool.
    • The application window will appear.
    • You should now click on the Disable button to disable your CD Emulation drivers.
    • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
    • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
    • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.



    STEP 2
    Please download ComboFix [​IMG] from one of the locations below and save it to your Desktop. <-Important!!!


    Be sure to print out and follow these instructions: A guide and tutorial on using ComboFix

    Vista/Windows 7 users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. XP users need to install the Recovery Console first.

    • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click this link to see a list of such programs and how to disable them.
    • If ComboFix detects an older version of itself, you will be asked to update the program.
    • ComboFix will begin by showing a Disclaimer. Read it and click I Agree if you want to continue.
    • Follow the prompts and click on Yes to continue scanning for malware.
    • If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
    • When finished, please copy and paste the contents of C:\ComboFix.txt (which will open after reboot) in your next reply.
    • Be sure to re-enable your anti-virus and other security programs.

    -- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
    -- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
    -- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.


    If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier. Those instructions only apply to XP, for Vista and Windows 7 go here: Internet connection repair

    NOTE: if you see a message like this when you attempt to open anything after the reboot "Illegal Operation attempted on a registry key that has been marked for deletion" please reboot the system again and the warning should not return.

     
  13. heffiji

    heffiji Thread Starter

    Joined:
    Sep 9, 2012
    Messages:
    13
    Hi again,

    I made some idiotic attempts last nite and compounded with sudden maintenance activities of my internet service provider this morning (the only maintenance I recalled my ISP had in 10 years). I panicked and rolled back to a backup dated Dec 28, 2012. I should have backup this image with the mystery driver before the rollback.

    Fortunately, I checked the registry and the entries related to the mystery driver are not there. (There are more than 10 entries before the rollback). I shall re-install the many trial-wares installed after the Dec 28 backup and keep track of the change in registry. I will let you know if I can identify the cause. Should finish the installations earliest next Monday. Any suggestion will be appreciated. I shall close my case sometime next week whether I find the cause or not.

    I will consider your suggestions on anti-virus and tune-up tools. I tried MS securities and found it a bit slow. I may try out bitdefender free later and give serious thought to avast. I will probably need a clean install in the near future.

    I really appreciate your effort. You guys are great and take me through some virus hunting techniques.
     
  14. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Ok, let me know how it goes.

    Did you install Combofix, if so I need to give the correct instructions for its removal.

    If you could post the SystemLook report (from the last scan I asked you to do) I may be able to identify the program from the registry entries.
     
  15. heffiji

    heffiji Thread Starter

    Joined:
    Sep 9, 2012
    Messages:
    13
    No, I have not installed combofix. I could not open your email until this afternoon. I was cut off from the net until 3 hours ago because of my ISP. I will keep you posted on my progress. But realistically, the softwares I am going to install are from the vendors or reputable sites like softpaedia , so it is unlikely to find a reason there. Dont hold your hope too high even I do want to solve the puzzle desperately to avoid further suspense.

    Thanks again
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1083250

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice