Event ID 7026:

Sep 9, 2012
The event log displays the following error message every time the system starts a cold boot:

Event ID: 7026
The following boot-start or system-start driver(s) failed to load: rqkdql.

Any suggestion to solve this problem will be much appreciated.

Tech Support Guy System Info Utility version
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5-2310 CPU @ 2.90GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 4078 Mb
Graphics Card: NVIDIA GeForce GTX 650 Ti, 1024 Mb
Hard Drives: C: Total - 61439 MB, Free - 40938 MB; D: Total - 61438 MB, Free - 40781 MB; E: Total - 204799 MB, Free - 128041 MB; F: Total - 665599 MB, Free - 229697 MB; G: Total - 614399 MB, Free - 249152 MB; H: Total - 300043 MB, Free - 44738 MB;
Motherboard: Dell Inc., 0Y2MRG
Antivirus: COMODO Antivirus, Disabled, AVIRA Enabled
May 7, 2011
Hi and Happy New Year. As far as I can tell rqkdql is not a recognized file.

Your information log shows you have two antivirus programs installed; one of them needs to be completely uninstalled. More than one antivirus program can cause conflicts, poor system performance and reduced system security.

Please run the following scan:

1. Download Malwarebytes Anti-Rootkit from this link mbar
2. Unzip the File to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run mbar.exe

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.

7. The following image opens, select Update

8. When the Update completes, select Next

9. In the following window ensure "Targets" are ticked. Then select "Scan"

10. If any infections are found, the "Cleanup" button to remove threats will be available. The infected files will be listed like the following example:

11. Do not select the "Clean up Button" select the "Exit" button, there will be a warning as follows:

12. Select "Yes" to close down the program. If NO infections were found you will see the following image:

13. Select "Exit" to close down.
14. Copy and paste the following two logs from the mbar folder:

  • system-log
  • mbar-log (the date and time of the scan will be part of the file name)



Sep 9, 2012
Happy New Year! Thanks for your reply

1. I also wonder what this rqkdql is. This does sound like something vicious to me.
2. I have disabled the Comodo Antivirus and only used it when needed. Is this OK?

Here are the logs:
mbar-log-2013-01-02 (09-24-07).txt
Malwarebytes Anti-Rootkit

Database version: v2013.01.01.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
heffiji :: HEFFIJI-PC [administrator]

1/2/2013 9:24:07 AM
mbar-log-2013-01-02 (09-24-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28630
Time elapsed: 5 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)



Malwarebytes Anti-Rootkit BETA

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
CPU speed: 2.893000 GHz
Memory total: 4276572160, free: 2723835904

------------ Kernel report ------------
01/02/2013 09:18:07
------------ Loaded modules -----------
\??\D:\admin\tuning\TuneUp Utilities\TuneUpUtilitiesDriver64.sys
----------- End -----------
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006991060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80043e5050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2013.01.01.04
Downloaded database version: v2012.12.27.02
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006991060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006991b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006991060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80043e5050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xfffff8a0028cb880, 0xfffffa8006991060, 0xfffffa8006d9f090
Lower DeviceData: 0xfffff8a008362620, 0xfffffa80043e5050, 0xfffffa800697e8b0
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 201C4

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 125829120

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 125831168 Numsec = 125827072
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 251660288 Numsec = 419430400

Partition 3 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 671090688 Numsec = 3235936256

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-3907009168-3907029168)...
Performing system, memory and registry scan...
Device number: 0, partition: 3
Volume: E:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scan finished
May 7, 2011
Even with Comodo Antivirus disabled it may still have drivers running in the background, so I would advise you to uninstall it.

The Mbar logs have come up clean, but we need to check that suspicious file.

Please go Here and follow the instructions to run DDS, then Copy and Paste both the logs into your next reply.

Please download SystemLook from one of the links below and save it to your Desktop.

  • Double-click SystemLook.exe to run it.
  • Vista/Windows 7 users right-click and select Run As Administrator.
  • Copy and paste everything in the codebox below into the main textfield:
  • Click the Look button to start the scan.
  • When finished, a Notepad window will open with SystemLook.txt, the results of the search; a copy is also saved on your Desktop.
  • Please copy and paste the contents of that log in your next reply.

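The opening post reports Event ID 7026 naming a driver called rqkdql, and the reply above asks for logs that show where that file lives. The script below is an added example written for this thread; it is not part of the thread, of MBAR, SystemLook or DDS. It reads the 7026 events from the System log, extracts the driver names from the message text, and looks each one up under the Service Control Manager's registry tree (HKLM\SYSTEM\CurrentControlSet\Services), resolving the ImagePath the way SCM does and checking whether the binary is actually on disk. It assumes an elevated PowerShell prompt on Windows 7 or later; the -DriverName parameter is this example's own and can be used to check a name directly (for instance rqkdql) instead of reading the event log.

```powershell
<#
  Added example (not from the thread or any tool it mentions).
  Ties the Event ID 7026 report to the question "where is that file?":
  list the drivers that 7026 says failed to load, then inspect their
  service entries and resolve the binary each one points at.
  Assumes: elevated prompt, Windows 7+. -DriverName is this example's own.
#>
param(
    # Optional: names to check directly instead of reading the event log.
    [string[]]$DriverName
)

# SCM "Start" values: 0 and 1 are the ones that can produce Event ID 7026.
$StartTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }

# Event 7026 is written by Service Control Manager; its message lists the
# failed boot-start/system-start drivers one per line after the colon.
function Get-FailedBootDriverNames {
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7026 } `
                           -MaxEvents 50 -ErrorAction SilentlyContinue
    $names = foreach ($e in $events) {
        if (-not $e.Message) { continue }
        $tail = ($e.Message -split ':', 2)[1]
        if ($tail) {
            $tail -split '\r?\n' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
        }
    }
    $names | Sort-Object -Unique
}

# Turn the forms SCM accepts in a driver's ImagePath into a plain file path.
function Resolve-ImagePath {
    param([string]$Name, [string]$ImagePath)
    if (-not $ImagePath) {
        # No ImagePath value: SCM looks for <name>.sys in System32\drivers.
        return Join-Path $env:SystemRoot "System32\drivers\$Name.sys"
    }
    $p = $ImagePath.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                        # \??\C:\...       -> C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"   # \SystemRoot\...  -> C:\Windows\...
    if ($p -notmatch '^[A-Za-z]:\\') {                       # system32\drivers\x.sys (relative)
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

function Get-DriverServiceReport {
    param([string]$Name)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path -LiteralPath $key)) {
        # No service entry at all: 7026 cannot come from this name on this boot.
        return [pscustomobject]@{
            Name = $Name; Registered = $false; StartType = $null
            ImagePath = $null; ResolvedPath = $null; FileExists = $false
        }
    }
    $props    = Get-ItemProperty -LiteralPath $key
    $resolved = Resolve-ImagePath -Name $Name -ImagePath $props.ImagePath
    [pscustomobject]@{
        Name         = $Name
        Registered   = $true
        StartType    = if ($null -ne $props.Start) { $StartTypes[[int]$props.Start] } else { $null }
        ImagePath    = $props.ImagePath
        ResolvedPath = $resolved
        FileExists   = [bool](Test-Path -LiteralPath $resolved)
    }
}

$targets = if ($DriverName) { $DriverName } else { Get-FailedBootDriverNames }
if (-not $targets) {
    Write-Output 'No Event ID 7026 entries found in the System log.'
    return
}
$targets | ForEach-Object { Get-DriverServiceReport -Name $_ } | Format-List
```

A result with Registered = True, StartType Boot or System and FileExists = False is the exact condition that makes SCM log 7026 on every cold boot: the service key survives but its binary does not. That is also why a filename search such as the SystemLook run in this thread can legitimately come back empty while the event keeps appearing, so the registry lookup and the file search complement each other. Before removing or disabling such a key, the ImagePath and any Description or DisplayName values in the entry should be matched to a known product, since leftover entries from uninstalled security tools and drive utilities look the same as an orphaned malicious driver from the event log alone.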

Sep 9, 2012
Thanks. Here is the log

SystemLook 30.07.11 by jpshortstuff
Log created at 20:40 on 02/01/2013 by heffiji
Administrator - Elevation successful

========== filefind ==========

Searching for "*rqkdql*"
No files found.

-= EOF =-
May 7, 2011
Did you miss my request for the DDS logs? They should show where that file is located.


Sep 9, 2012
Sorry, I missed the DDS logs. This will take another day, as I need to back up before going there.
May 7, 2011
DDS is a non-intrusive scanning tool, so it will not pose any risk to your personal files, but keeping your backups up to date is always a wise thing to do.


Sep 9, 2012
Thanks again. Here are the logs:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:24:58 AM, on 1/3/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
D:\admin\monitor\AnVir Task Manager\AnVir.exe
D:\utilities\desktop\enhancement\Wallpaper Master\Wallpaper.exe
C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\ASUSAUDIOCENTER.EXE
D:\utilities\desktop\dual monitor\Actual Window Manager\ActualWindowManagerCenter.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
D:\utilities\file tool\xyplorer\XYplorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://accounts.google.com/Service...le.com/mail/&scc=1&ltmpl=default&ltmplcache=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WinPatrol] D:\admin\monitor\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [AnVir Task Manager] "D:\admin\monitor\AnVir Task Manager\anvir.exe" Minimized
O4 - HKCU\..\Run: [Rainlendar2] D:\utilities\desktop\enhancement\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Desktop Wallpaper Changer] D:\utilities\desktop\enhancement\Wallpaper Master\Wallpaper.exe
O4 - HKCU\..\Run: [Workrave] D:\utilities\tool\Workrave\lib\workrave.exe
O4 - HKCU\..\Run: [DS Clock] "D:\utilities\desktop\enhancement\DS Clock\DSClock.exe"
O4 - HKCU\..\Run: [WinFLTray] C:\Windows\SysWow64\WinFLTray.exe
O4 - HKCU\..\Run: [FLBackup] D:\utilities\file tool\NewSoftware's\Folder Lock\FLComServCtrl.exe
O4 - HKCU\..\Run: [Actual Window Manager] "D:\utilities\desktop\dual monitor\Actual Window Manager\ActualWindowManagerCenter.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: Directory Opus (Startup).lnk = D:\utilities\file tool\Directory Opus\dopus.exe
O4 - Startup: ERUNT AutoBackup.lnk = D:\admin\monitor\ERUNT\AUTOBACK.EXE
O4 - Global Startup: FileBox eXtender.lnk = D:\utilities\desktop\enhancement\FileBX\FileBX.exe
O8 - Extra context menu item: En&queue current page with BID - file://D:\web\utilities\Bulk Image Downloader\iemenu\iebidqueue.htm
O8 - Extra context menu item: Enqueue link tar&get with BID - file://D:\web\utilities\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
O8 - Extra context menu item: Open &link target with BID - file://D:\web\utilities\Bulk Image Downloader\iemenu\iebidlink.htm
O8 - Extra context menu item: Open current page with BI&D - file://D:\web\utilities\Bulk Image Downloader\iemenu\iebid.htm
O8 - Extra context menu item: Open current page with BID Link Explorer - file://D:\web\utilities\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD1BD1EA-0E07-49BA-B40B-B7B69E425895}: NameServer =,
O20 - AppInit_DLLs:
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - D:\web\security\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: DockLoginService - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: DSClockSyncTime - Duality Software - D:\utilities\desktop\enhancement\DS Clock\dsetime.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FLService - New Softwares.net - C:\Windows\SysWow64\WinFLService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - D:\admin\maintenance\OO Software\Defrag\oodag.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService.exe) - Unknown owner - D:\admin\data recovery\Macrium\Reflect\ReflectService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\admin\tuning\TuneUp Utilities\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

End of file - 9087 bytes

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2
Run by heffiji at 10:30:12 on 2013-01-03
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4078.2492 [GMT 8:00]
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Antivirus *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
D:\admin\monitor\Process Lasso\processgovernor.exe
D:\admin\monitor\Process Lasso\processlasso.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
D:\admin\maintenance\OO Software\Defrag\oodag.exe
C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
D:\admin\monitor\AnVir Task Manager\AnVir.exe
D:\utilities\desktop\enhancement\Wallpaper Master\Wallpaper.exe
D:\utilities\desktop\enhancement\DS Clock\dsclock.exe
C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\ASUSAUDIOCENTER.EXE
D:\admin\data recovery\Macrium\Reflect\ReflectService.exe
D:\admin\tuning\TuneUp Utilities\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
D:\utilities\desktop\dual monitor\Actual Window Manager\ActualWindowManagerCenter.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
D:\admin\tuning\TuneUp Utilities\TuneUpUtilitiesApp64.exe
C:\Program Files\Dell\DellDock\DellDock.exe
D:\utilities\file tool\Directory Opus\dopus.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
D:\utilities\desktop\dual monitor\Actual Window Manager\ActualWindowManagerCenter64.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
D:\utilities\file tool\xyplorer\XYplorer.exe
D:\web\browser\Mozilla Firefox\firefox.exe
D:\web\browser\Mozilla Firefox\plugin-container.exe
============== Pseudo HJT Report ===============
uStart Page = hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [AnVir Task Manager] "D:\admin\monitor\AnVir Task Manager\anvir.exe" Minimized
uRun: [Rainlendar2] D:\utilities\desktop\enhancement\Rainlendar2\Rainlendar2.exe
uRun: [Desktop Wallpaper Changer] D:\utilities\desktop\enhancement\Wallpaper Master\Wallpaper.exe
uRun: [Workrave] D:\utilities\tool\Workrave\lib\workrave.exe
uRun: [DS Clock] "D:\utilities\desktop\enhancement\DS Clock\DSClock.exe"
uRun: [WinFLTray] C:\Windows\SysWow64\WinFLTray.exe
uRun: [FLBackup] D:\utilities\file tool\NewSoftware's\Folder Lock\FLComServCtrl.exe
uRun: [Actual Window Manager] "D:\utilities\desktop\dual monitor\Actual Window Manager\ActualWindowManagerCenter.exe"
mRun: [WinPatrol] D:\admin\monitor\WinPatrol\winpatrol.exe -expressboot
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\Users\heffiji\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\heffiji\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Directory Opus (Startup).lnk - D:\utilities\file tool\Directory Opus\dopus.exe
StartupFolder: C:\Users\heffiji\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - D:\admin\monitor\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FILEBO~1.LNK - D:\utilities\desktop\enhancement\FileBX\FileBX.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: En&queue current page with BID - D:\web\utilities\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - D:\web\utilities\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - D:\web\utilities\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - D:\web\utilities\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - D:\web\utilities\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
TCP: NameServer =
TCP: Interfaces\{AD1BD1EA-0E07-49BA-B40B-B7B69E425895} : NameServer =,
TCP: Interfaces\{AD1BD1EA-0E07-49BA-B40B-B7B69E425895} : DHCPNameServer =
SSODL: WebCheck - <orphaned>
SEH: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - D:\utilities\file tool\Directory Opus\dopuslib32.dll
x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke
x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke
x64-Run: [WinPatrol] D:\admin\monitor\WinPatrol\WinPatrol.exe -expressboot
x64-Run: [SE-TrayMenu] D:\utilities\desktop\launcher\SE-TrayMenu\SE-TrayMenu.exe
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - D:\utilities\file tool\Directory Opus\dopuslib.dll
================= FIREFOX ===================
FF - ProfilePath - C:\Users\heffiji\AppData\Roaming\Mozilla\Firefox\Profiles\zw1h0tjg.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: D:\office\reader\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
============= SERVICES / DRIVERS ===============
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-10-28 27800]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2012-12-14 23328]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2012-12-14 697960]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2012-12-14 48512]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\System32\drivers\HWiNFO64A.SYS [2012-12-29 29672]
R1 SASDIFSV;SASDIFSV;D:\web\security\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;D:\web\security\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 !SASCORE;SAS Core Service;D:\web\security\SUPERAntiSpyware\SASCore64.exe [2012-7-12 140672]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-10-28 85280]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-10-28 109344]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-10-28 99912]
R2 FLService;FLService;C:\Windows\SysWOW64\WinFLService.exe [2012-12-25 92360]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-10-27 13632]
R2 NEWDRIVER;NEWDRIVER;C:\Windows\SysWOW64\WinVDEdrv6.sys [2012-12-25 197648]
R2 OODefragAgent;O&O Defrag;D:\admin\maintenance\OO Software\Defrag\oodag.exe [2012-11-30 3293552]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;D:\admin\data recovery\Macrium\Reflect\ReflectService.exe [2012-12-10 301760]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;D:\admin\tuning\TuneUp Utilities\TuneUpUtilitiesService64.exe [2012-11-29 2401632]
R2 WinVDEDrv;WinVDEDrv;C:\Windows\SysWOW64\WinVDEdrv.sys [2012-12-25 225680]
R3 cmudaxp;ASUS Xonar Essence STX Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2011-7-9 2725376]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2012-10-24 425000]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;D:\admin\tuning\TuneUp Utilities\TuneUpUtilitiesDriver64.sys [2012-11-16 11880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2012-12-14 158928]
S3 DockLoginService;DockLoginService;C:\Program Files\Dell\DellDock\DockLogin.exe [2010-1-12 155648]
S3 DSClockSyncTime;DSClockSyncTime;D:\utilities\desktop\enhancement\DS Clock\dsetime.exe [2012-11-1 62264]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-27 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-27 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-27 1255736]
S4 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
=============== File Associations ===============
FileExt: .txt: emeditor.txt="D:\office\note\EmEditor\EMEDITOR.EXE" "%1"
=============== Created Last 30 ================
2013-01-02 04:30:18 -------- d-----w- C:\Users\heffiji\AppData\Roaming\EurekaLog
2012-12-29 11:44:07 29672 ----a-w- C:\Windows\System32\drivers\HWiNFO64A.SYS
2012-12-29 00:29:55 -------- d-----w- C:\Users\heffiji\AppData\Roaming\MatSpoon
2012-12-25 07:40:45 -------- d-----w- C:\Users\heffiji\AppData\Roaming\The Journal 6
2012-12-25 07:40:45 -------- d-----w- C:\Users\heffiji\AppData\Local\The Journal 6
2012-12-25 07:40:45 -------- d-----w- C:\ProgramData\The Journal
2012-12-25 05:04:50 -------- d-----w- C:\Users\heffiji\AppData\Roaming\Actual Tools
2012-12-25 04:53:23 34816 ----a-w- C:\Windows\SysWow64\WinFLAdrv.sys
2012-12-25 04:53:22 197648 ----a-w- C:\Windows\SysWow64\WinVDEdrv6.sys
2012-12-25 04:53:21 225680 ----a-w- C:\Windows\SysWow64\WinVDEdrv.sys
2012-12-25 04:53:08 92360 ----a-w- C:\Windows\SysWow64\WinFLService.exe
2012-12-25 04:53:07 14024 ----a-w- C:\Windows\SysWow64\WinFLMsgService.exe
2012-12-25 04:53:06 40960 ----a-w- C:\Windows\SysWow64\nwsftUninstall.exe
2012-12-25 04:53:05 321736 ----a-w- C:\Windows\SysWow64\WinFLTray.exe
2012-12-25 04:53:04 321736 ----a-w- C:\Windows\SysWow64\WinFLTrayShred.exe
2012-12-25 04:49:11 -------- d-----w- C:\Users\heffiji\AppData\Local\GPSoftware
2012-12-25 04:48:23 -------- d-----w- C:\Windows\System32\inf32
2012-12-25 04:48:23 -------- d-----w- C:\Users\heffiji\AppData\Roaming\GPSoftware
2012-12-25 04:45:36 -------- d-----w- C:\ProgramData\GPSoftware
2012-12-24 23:46:57 -------- d-----w- C:\Windows\System32\oodag
2012-12-24 23:46:02 -------- d-----w- C:\Users\heffiji\AppData\Local\O&O
2012-12-24 17:22:58 -------- d-----w- C:\Users\heffiji\AppData\Roaming\Duality Software
2012-12-23 06:16:13 -------- d-----w- C:\ProgramData\Duality Software
2012-12-23 04:12:00 -------- d-----w- C:\Users\heffiji\AppData\Local\Google
2012-12-23 04:07:04 -------- d-----w- C:\Users\heffiji\AppData\Roaming\calibre
2012-12-23 03:57:52 -------- d-----w- C:\Users\heffiji\AppData\Roaming\Foxit Reader
2012-12-23 03:41:18 34656 ----a-w- C:\Windows\System32\TURegOpt.exe
2012-12-23 03:41:17 25952 ----a-w- C:\Windows\System32\authuitu.dll
2012-12-23 03:41:17 21344 ----a-w- C:\Windows\SysWow64\authuitu.dll
2012-12-23 03:39:39 -------- d-sh--w- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-12-23 03:33:34 95184 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-23 03:31:01 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-12-23 02:45:05 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-12-23 02:45:05 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-12-23 02:45:05 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-12-23 02:45:05 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-12-23 02:39:58 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-12-23 02:33:07 -------- d-----w- C:\Users\heffiji\AppData\Local\Programs
2012-12-23 02:16:02 -------- d-s---w- C:\ProgramData\Shared Space
2012-12-23 02:14:26 -------- d-----w- C:\Program Files\COMODO
2012-12-23 02:14:06 -------- d-----w- C:\ProgramData\Comodo
2012-12-23 02:09:18 -------- d-----w- C:\ProgramData\Comodo Downloader
2012-12-23 02:03:34 -------- d-----w- C:\Users\heffiji\.rainlendar2
2012-12-14 12:45:44 697960 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
2012-12-14 12:45:44 48512 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2012-12-14 12:45:42 23328 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2012-12-14 12:45:32 42856 ----a-w- C:\Windows\System32\cmdcsr.dll
2012-12-14 12:45:30 453808 ----a-w- C:\Windows\System32\guard64.dll
2012-12-14 12:45:30 350272 ----a-w- C:\Windows\SysWow64\guard32.dll
2012-12-14 12:45:20 321744 ----a-w- C:\Windows\System32\cmdvrt64.dll
2012-12-14 12:45:14 260304 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll
2012-12-10 11:12:14 13504 ----a-w- C:\Windows\System32\drivers\PSVolAcc.sys
2012-12-10 11:11:52 57024 ----a-w- C:\Windows\System32\drivers\psmounterex.sys
==================== Find3M ====================
2012-12-23 03:33:30 779704 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-12-23 03:10:10 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-23 03:10:10 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-23 02:43:43 99912 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-14 08:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-01 05:49:26 3663213 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-12-01 05:49:25 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-12-01 05:49:25 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-12-01 05:49:24 890216 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-12-01 05:48:41 6223208 ----a-w- C:\Windows\System32\nvcpl.dll
2012-12-01 05:48:37 3311464 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-11-30 10:58:38 352112 ----a-w- C:\Windows\System32\oodbs.exe
2012-11-30 10:57:46 10096 ----a-w- C:\Windows\System32\oodbsrs.dll
2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-28 06:24:17 22 --sha-w- C:\Windows\90C7D912BE2316.sys
2012-10-28 06:24:17 22 --sha-w- C:\Users\heffiji\AppData\Roaming\Windows1569_SettingsRepository.bin
2012-10-27 11:02:31 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-10-27 11:02:31 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-10-27 09:00:29 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-10-27 05:57:21 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-10-27 05:57:21 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-10-27 05:12:17 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-10-27 05:12:17 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-10-27 05:12:17 111616 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-10-27 05:12:17 102400 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-10-26 08:44:31 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2012-10-24 19:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-24 19:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
============= FINISH: 10:30:40.07 ===============
May 7, 2011
I can see you still have Comodo installed despite the advice I gave. But, as I can now see that Comodo also has a Firewall component, you would be better protected if you uninstall Avira and enable Comodo's Anti Virus.

Still no sign of that suspicious file. But, it should show up in the Event logs that are in the other log produced by DDS, which you failed to post. It is called Attach.txt and should be saved on your desktop; please post it in your next reply.


Sep 9, 2012
I will uninstall Avira during the weekend. I am a bit worried about the Comodo antivirus, but I am using their firewall. I am a bit hesitant to uninstall it without giving thought to a fall-back plan. I assume I also need to remove the Malwarebytes anti-malware, or should I?

I really appreciate your effort.
Here is the log:

DDS (Ver_2012-11-20.01)
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/27/2012 1:00:45 PM
System Uptime: 1/3/2013 5:11:04 PM (0 hours ago)
Motherboard: Dell Inc. | | 0Y2MRG
Processor: Intel(R) Core(TM) i5-2310 CPU @ 2.90GHz | CPU 1 | 2901/100mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 60 GiB total, 39.675 GiB free.
D: is FIXED (NTFS) - 60 GiB total, 39.805 GiB free.
E: is FIXED (NTFS) - 200 GiB total, 123.608 GiB free.
F: is FIXED (NTFS) - 650 GiB total, 220.274 GiB free.
G: is FIXED (NTFS) - 600 GiB total, 242.778 GiB free.
H: is FIXED (NTFS) - 293 GiB total, 43.69 GiB free.
I: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: High Definition Audio Device
Device ID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0041&SUBSYS_14622806&REV_1001\5&248BBD60&0&0001
Manufacturer: Microsoft
Name: High Definition Audio Device
PNP Device ID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0041&SUBSYS_14622806&REV_1001\5&248BBD60&0&0001
Service: HdAudAddService
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
AC3Filter 2.5b
ACDSee Pro 4
Actual Window Manager 6.7.2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
AnVir Task Manager
Apple Application Support
Apple Software Update
ASUS Xonar Essence STX Audio Driver
Avira Free Antivirus
Bass Audio Decoder (remove only)
CD Audio Reader Filter (remove only)
Civilization III
Civilization III: Conquests
COMODO Internet Security
DCoder Image Source (remove only)
Dell Dock
DirectVobSub (remove only)
DS Clock
DScaler 5 Mpeg Decoders
EmEditor Professional (64-bit)
ERUNT 1.1j
ffdshow v1.2.4453 [2012-05-21]
FFMPEG Core Files (remove only)
FileBox eXtender
Foxit PhantomPDF
Gabest MPEG Splitter (remove only)
Google Chrome
Google Update Helper
GPSoftware Directory Opus
Haali Media Splitter
Intel(R) Rapid Storage Technology
Java 7 Update 10
Java Auto Updater
jv16 PowerTools 2012
LAV Filters 0.54.1
Macrium Reflect Free Edition
MadVR (remove only)
Malwarebytes Anti-Malware version
Microsoft .NET Framework 4 Client Profile
Microsoft Baseline Security Analyzer 2.2
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
NVIDIA Control Panel 310.70
NVIDIA Graphics Driver 310.70
NVIDIA Install Application
NVIDIA PhysX System Software 9.12.1031
O&O Defrag Professional
OpenSource AVI Splitter (remove only)
OpenSource DTS/AC3/DD+ Source Filter (remove only)
OpenSource Flash Video Splitter (remove only)
Paint.NET v3.5.10
Process Lasso
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Civilization IV Colonization
Tag&Rename 3.3
The Journal 6
The Ultimate Troubleshooter
TuneUp Utilities 2013
TuneUp Utilities Language Pack (en-US)
Unlocker 1.9.1-x64
Windows Media Player Firefox Plugin
WinRAR 4.01 (64-bit)
Workrave 1.9.4
Zoom Player (remove only)
==== Event Viewer Messages From Past Week ========
1/3/2013 5:11:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: rqkdql
1/3/2013 5:10:38 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TuneUp.UtilitiesSvc service.
1/2/2013 12:32:47 PM, Error: Service Control Manager [7034] - The TuneUp Utilities Service service terminated unexpectedly. It has done this 1 time(s).
==== End Of File ===========================
May 7, 2011
One solution to your concerns over your Anti Virus situation is to uninstall the full Comodo Firewall/Anti Virus and then install just the Comodo Free Firewall and continue to use Avira. As for fallback plans, there are several other good, recommendable Anti Virus programs that are all free, including Avast and the one I would highly recommend, Microsoft Security Essentials.

As for Malwarebytes, it is designed to complement any Anti Virus program, so you should keep it.

The log shows the error with that mystery file but no location.

The log also shows you have no Restore Points. Have you turned off System Restore? That could leave you having to do a clean install in some situations if something goes wrong that would be easily fixed with System Restore. It is a worthwhile safeguard to keep it turned on.

I see you have TuneUp Utilities; any third-party software that promises to tune up your PC can often cause more problems than it fixes. You will not find any of the experts here who will say anything different; there is no PC Optimizer tool that can be recommended, and we often see systems corrupted by their use. It also appears to be showing an error in the logs, so I would recommend you remove it.

I am now beginning to wonder if rqkdql relates to a program that you may have uninstalled, or possibly an infection that has been removed. As the error says it failed to load, it may not be there, but there is still a registry entry that is calling it. We will do another scan now that may show us something new, as it scans deeper into the system.

EDIT: I just did a bit more searching to try and find what that mystery file may belong to, and it could be AVG Anti Virus. Have you ever had it installed and, if so, what version?

Please also run SystemLook again as follows:

  • Double-click SystemLook.exe to run it.
  • Vista/Windows 7 users right-click and select Run As Administrator.
  • Copy and paste everything in the codebox below into the main textfield:
  • Click the Look button to start the scan.
  • When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
  • Please copy and paste the contents of that log in your next reply.


NOTE: If you have already used Combofix please delete the icon from your desktop.

  • Please download DeFogger and save it to your desktop.
  • Once downloaded, double-click on the DeFogger icon to start the tool.
  • The application window will appear.
  • You should now click on the Disable button to disable your CD Emulation drivers.
  • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

Please download ComboFix from one of the locations below and save it to your Desktop. <-Important!!!

Be sure to print out and follow these instructions: A guide and tutorial on using ComboFix

Vista/Windows 7 users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. XP users need to install the Recovery Console first.

  • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click this link to see a list of such programs and how to disable them.
  • If ComboFix detects an older version of itself, you will be asked to update the program.
  • ComboFix will begin by showing a Disclaimer. Read it and click I Agree if you want to continue.
  • Follow the prompts and click on Yes to continue scanning for malware.
  • If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
  • When finished, please copy and paste the contents of C:\ComboFix.txt (which will open after reboot) in your next reply.
  • Be sure to re-enable your anti-virus and other security programs.

-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.

If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier. Those instructions only apply to XP, for Vista and Windows 7 go here: Internet connection repair

NOTE: if you see a message like this when you attempt to open anything after the reboot "Illegal Operation attempted on a registry key that has been marked for deletion" please reboot the system again and the warning should not return.

Do NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read ComboFix's Disclaimer.
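The reasoning a few paragraphs up (the driver file may be gone while a Services registry entry still tells the Service Control Manager to load it at boot) can be checked directly on the machine before any removal tool is run. The PowerShell below is an added example written for this thread; it is not a script from the forum, from SystemLook or from DDS. It reads Service Control Manager event 7026 from the System log, extracts the driver names, and for each name reports whether `HKLM\SYSTEM\CurrentControlSet\Services\<name>` exists, what its ImagePath resolves to, whether that file is present, and who signed it. The name `rqkdql` comes from the log posted above; the function names and the ImagePath normalisation are my own assumptions. Run it in an elevated PowerShell session.

```powershell
# Added example (not from the thread): trace Event ID 7026 driver names back to
# their HKLM\SYSTEM\CurrentControlSet\Services entries.

function Get-FailedBootDriverName {
    # Returns the driver names reported by Service Control Manager event 7026.
    param([int]$MaxEvents = 50)

    $filter = @{ LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7026 }
    $events = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        # Message form: "The following boot-start or system-start driver(s) failed to load: <names>"
        $idx = $e.Message.LastIndexOf(':')
        if ($idx -lt 0) { continue }
        $e.Message.Substring($idx + 1) -split '\s+' | Where-Object { $_ } | ForEach-Object { $_.Trim() }
    }
}

function Resolve-DriverImagePath {
    # Normalises the ImagePath forms a driver entry may use ("\??\C:\...",
    # "\SystemRoot\system32\drivers\x.sys", "system32\drivers\x.sys", or absolute).
    # An entry with no ImagePath defaults to %SystemRoot%\System32\drivers\<name>.sys.
    param([string]$ImagePath, [string]$Name)
    if (-not $ImagePath) { return (Join-Path $env:SystemRoot "System32\drivers\$Name.sys") }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath)
    if ($p.StartsWith('\??\')) { $p = $p.Substring(4) }
    if ($p -like '\SystemRoot\*') {
        $p = Join-Path $env:SystemRoot $p.Substring('\SystemRoot\'.Length)
    } elseif ($p -notmatch '^[A-Za-z]:\\') {
        $p = Join-Path $env:SystemRoot $p   # relative paths are relative to %SystemRoot%
    }
    return $p
}

function Test-BootDriverEntry {
    # Reports the registry entry and on-disk state of one driver/service name.
    param([Parameter(Mandatory)][string]$Name)

    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $result = [ordered]@{
        Name         = $Name
        KeyExists    = Test-Path $key
        StartType    = $null    # 0 = boot, 1 = system, 2 = auto, 3 = demand, 4 = disabled
        ImagePath    = $null
        ResolvedPath = $null
        FileExists   = $false
        Signer       = $null
    }
    if ($result.KeyExists) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        $result.StartType    = $props.Start
        $result.ImagePath    = $props.ImagePath
        $result.ResolvedPath = Resolve-DriverImagePath -ImagePath $props.ImagePath -Name $Name
        if (Test-Path $result.ResolvedPath) {
            $result.FileExists = $true
            $sig = Get-AuthenticodeSignature -FilePath $result.ResolvedPath
            $result.Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $sig.Status.ToString() }
        }
    }
    [pscustomobject]$result
}

# Usage: check every driver named in recent 7026 events, plus the name from this thread's log.
$names = @(Get-FailedBootDriverName) + 'rqkdql' | Select-Object -Unique
$names | ForEach-Object { Test-BootDriverEntry -Name $_ } | Format-List
```

How to read the output: `KeyExists = True` with `FileExists = False` is exactly the orphaned loader entry the post above describes, and the `StartType` of 0 or 1 is why it surfaces as a boot-time 7026 rather than a later service error. A present file with an unexpected or missing signer is worth a closer look before deciding which product left the entry behind. Either way, export the key (`reg export`) before anything removes it, so the ImagePath and any related values survive for the analysis the expert is asking for.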


Sep 9, 2012
Hi again,

I made some idiotic attempts last night, and compounded with sudden maintenance activities of my internet service provider this morning (the only maintenance I recall my ISP having in 10 years), I panicked and rolled back to a backup dated Dec 28, 2012. I should have backed up this image with the mystery driver before the rollback.

Fortunately, I checked the registry and the entries related to the mystery driver are not there. (There were more than 10 entries before the rollback.) I shall re-install the many trial-wares installed after the Dec 28 backup and keep track of the changes in the registry. I will let you know if I can identify the cause. I should finish the installations next Monday at the earliest. Any suggestion will be appreciated. I shall close my case sometime next week whether I find the cause or not.

I will consider your suggestions on anti-virus and tune-up tools. I tried MS Security Essentials and found it a bit slow. I may try out Bitdefender Free later and give serious thought to Avast. I will probably need a clean install in the near future.

I really appreciate your effort. You guys are great and took me through some virus hunting techniques.
May 7, 2011
Ok, let me know how it goes.

Did you install Combofix? If so, I need to give you the correct instructions for its removal.

If you could post the SystemLook report (from the last scan I asked you to do) I may be able to identify the program from the registry entries.


Sep 9, 2012
No, I have not installed Combofix. I could not open your email until this afternoon. I was cut off from the net until 3 hours ago because of my ISP. I will keep you posted on my progress. But realistically, the software I am going to install is from the vendors or reputable sites like Softpedia, so it is unlikely to find a reason there. Don't hold your hopes too high, even though I do want to solve the puzzle desperately to avoid further suspense.

Thanks again
