
[Active] Trouble opening links & threads..probably a malware infection

Discussion in 'Malware and Virus Removal Archive' started by goodwill, 2010/08/14.

  1. 2010/08/14
    goodwill

    goodwill Inactive Thread Starter

    Joined:
    2010/07/18
    Messages:
    12
    Likes Received:
    0
    Hi,
    I was discussing installation of bluetooth in the following thread:
    bluetooth needed for compaq nx5000 with Windows XP
    The problem began with me not being able to open the following links suggested by Arie:
    How to install and configure Bluetooth devices in Windows XP Service Pack 2
    or
    How to troubleshoot Bluetooth detection and connectivity problems in Windows XP Service Pack 2
    When I tried to open these links, I got the message "Internet Explorer cannot display the page", for which Pete C suggested that I open the link or thread, probably
    You receive an error message in Internet Explorer: "Internet Explorer cannot display the webpage"
    I am not able to open any of these links or threads, even by right-clicking, copying the shortcut URL and pasting it into the address bar.
    So, Arie has suggested my system could be infected with Malware.
    Please let me know what to do to free my system of the infection.
    I do not know how to go about solving this problem. I am posting the logs from the DDS.txt file here. I am not posting the Attach.txt log, as per forum instructions.


    Logs DDS.txt file
    ================
    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Verma at 9:16:37.03 on Sun 08/15/2010
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.247.16 [GMT 5.5:30]

    AV: Total Security 9.50 *On-access scanning enabled* (Outdated) {05C1329D-F0E0-4B19-9D15-54F9BC3ADE87}
    FW: Quick Heal Firewall Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\PROGRA~1\QUICKH~1\QUICKH~2\EMLPROUI.EXE
    C:\PROGRA~1\QUICKH~1\QUICKH~2\UPSCHD.EXE
    C:\PROGRA~1\QUICKH~1\QUICKH~2\SCANMSG.EXE
    C:\Program Files\CE100 Dialer\Driver\HaierDcService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\PROGRA~1\QUICKH~1\QUICKH~2\OnlineNT.EXE
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Sun\SDK\jdk\bin\javaw.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\QUICKH~1\QUICKH~2\ONLNSVC.EXE
    C:\PROGRA~1\QUICKH~1\QUICKH~2\EMLPROXY.EXE
    C:\PROGRA~1\QUICKH~1\QUICKH~2\quhlpsvc.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\PROGRA~1\QUICKH~1\QUICKH~2\scanwscs.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\CE100 Dialer\ICard.exe
    C:\Program Files\CE100 Dialer\IdleMng.exe
    C:\Program Files\CE100 Dialer\PcxSvr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Verma\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: APop Class: {efca9d4b-f2e8-487d-8505-e4d0e459abfe} - c:\progra~1\quickh~1\quickh~2\apop.dll
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe "
    uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [WinampAgent] "c:\program files\winamp\Winampa.exe "
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe "
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe "
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
    mRun: [Email Protection] c:\progra~1\quickh~1\quickh~2\EMLPROUI.EXE
    mRun: [Update Scheduler] c:\progra~1\quickh~1\quickh~2\UPSCHD.EXE /CHECK
    mRun: [On-Line Protection] c:\progra~1\quickh~1\quickh~2\CATEYE.EXE
    mRun: [Messenger] c:\progra~1\quickh~1\quickh~2\SCANMSG.EXE
    mRun: [Startup Scan] c:\progra~1\quickh~1\quickh~2\sensor.exe /loadrun
    mRun: [Quick Heal Firewall Pro] "c:\program files\cat computer\quick heal firewall pro\qhfw.exe" /waitservice
    mRun: [HaierDcService] c:\program files\ce100 dialer\driver\HaierDcService.exe
    mRunOnce: [Startup Scan] c:\progra~1\quickh~1\quickh~2\sensor.exe /check
    StartupFolder: c:\docume~1\verma\startm~1\programs\startup\sdktra~1.lnk - c:\program files\sun\sdk\jdk\bin\javaw.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\YPager.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    TCP: {9AB710AF-7579-4E43-A14E-AA4C8E514CFE} = 121.242.190.180 121.242.190.211
    Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
    Notify: igfxcui - igfxsrvc.dll
    AppInit_DLLs: c:\progra~1\catcom~1\quickh~1\wl_hook.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\verma\applic~1\mozilla\firefox\profiles\xu0dcf7g.default\

    ============= SERVICES / DRIVERS ===============

    R0 ScreenNT;ScreenNT;c:\windows\system32\drivers\SCREENNT.SYS [2009-8-9 19968]
    R1 VFILT;Quick Heal Kernel Driver;c:\program files\cat computer\quick heal firewall pro\kernel\filtnt.sys [2009-8-9 125248]
    R2 EMLSS;EMLSS;c:\windows\system32\drivers\EMLTDI.SYS [2009-8-9 12168]
    R2 OnlineNT;OnlineNT;c:\progra~1\quickh~1\quickh~2\ONLINENT.SYS [2009-8-9 39680]
    R3 wirelessusbser;Wireless USB Device for Legacy Serial Communication;c:\windows\system32\drivers\3GDatausbser.sys [2010-3-27 102656]
    S3 ADBLOCK.DLL;Quick Heal PlugIn (ADBLOCK.DLL);c:\program files\cat computer\quick heal firewall pro\kernel\adblock.dll [2009-8-9 33600]
    S3 ARP.DLL;Quick Heal PlugIn (ARP.DLL);c:\program files\cat computer\quick heal firewall pro\kernel\arp.dll [2009-8-9 17440]
    S3 CONTENT.DLL;Quick Heal PlugIn (CONTENT.DLL);c:\program files\cat computer\quick heal firewall pro\kernel\content.dll [2009-8-9 4896]
    S3 DNSCACHE.DLL;Quick Heal PlugIn (DNSCACHE.DLL);c:\program files\cat computer\quick heal firewall pro\kernel\dnscache.dll [2009-8-9 14304]
    S3 FTPFILT.DLL;Quick Heal PlugIn (FTPFILT.DLL);c:\program files\cat computer\quick heal firewall pro\kernel\ftpfilt.dll [2009-8-9 9024]
    S3 HTMLFILT.DLL;Quick Heal PlugIn (HTMLFILT.DLL);c:\program files\cat computer\quick heal firewall pro\kernel\htmlfilt.dll [2009-8-9 11552]
    S3 HTTPFILT.DLL;Quick Heal PlugIn (HTTPFILT.DLL);c:\program files\cat computer\quick heal firewall pro\kernel\httpfilt.dll [2009-8-9 13248]
    S3 IMAPFILT.DLL;Quick Heal PlugIn (IMAPFILT.DLL);c:\program files\cat computer\quick heal firewall pro\kernel\imapfilt.dll [2009-8-9 7200]
    S3 MAILFILT.DLL;Quick Heal PlugIn (MAILFILT.DLL);c:\program files\cat computer\quick heal firewall pro\kernel\mailfilt.dll [2009-8-9 14912]
    S3 NNTPFILT.DLL;Quick Heal PlugIn (NNTPFILT.DLL);c:\program files\cat computer\quick heal firewall pro\kernel\nntpfilt.dll [2009-8-9 6752]
    S3 POP3FILT.DLL;Quick Heal PlugIn (POP3FILT.DLL);c:\program files\cat computer\quick heal firewall pro\kernel\pop3filt.dll [2009-8-9 9984]
    S3 PROTECT.DLL;Quick Heal PlugIn (PROTECT.DLL);c:\program files\cat computer\quick heal firewall pro\kernel\protect.dll [2009-8-9 16960]
    S3 SECRET.DLL;Quick Heal PlugIn (SECRET.DLL);c:\program files\cat computer\quick heal firewall pro\kernel\secret.dll [2009-8-9 9696]

    =============== Created Last 30 ================

    2010-07-19 08:19:26 0 d-----w- c:\program files\WIDCOMM
    2010-07-19 08:18:44 0 d-----w- C:\Bluetooth
    2010-07-19 08:07:50 0 d-----w- c:\program files\Supprot software for Bluetooth by HP
    2010-07-17 16:34:19 48640 ----a-r- c:\windows\system32\drivers\ser2pl.sys

    ==================== Find3M ====================

    2009-09-13 11:49:32 8067224 ----a-w- c:\program files\Firefox Setup 3.5.3.exe
    2009-09-13 07:27:33 1962544 ----a-w- c:\program files\install_flash_player_ax.exe
    2009-01-09 16:06:50 1606064 ----a-w- c:\program files\googletalk-setup.exe
    2004-08-04 08:56:44 166425 --sha-r- c:\windows\system32\urqytibl.dll

    ============= FINISH: 9:17:24.25 ===============

    I have added the correct names of the threads and links, but I don't think I have added the URLs correctly, because when I click the thread name it leads me to an error message. Please let me know how to add that too.
     
    Last edited: 2010/08/14
  2. 2010/08/15
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    You also have to post the Attach.txt log...
     


  4. 2010/08/15
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Those links you posted are broken.

    Waiting for attach.txt log.
     
  5. 2010/08/21
    goodwill

    goodwill Inactive Thread Starter

    Joined:
    2010/07/18
    Messages:
    12
    Likes Received:
    0
    Hi crunchie, I have right-clicked and copied the shortcut for this link and attached it using the insert link option, but I think there must be some way of writing down the title of the link the way Arie or PeteC posted them. Could you let me know how to?

    Links -
    1.
    http://support.microsoft.com/kb/883259
    How to install and configure Bluetooth devices in Windows XP Service Pack 2
    2.
    http://support.microsoft.com/kb/883258
    How to troubleshoot Bluetooth detection and connectivity problems in Windows XP Service Pack 2
    3.
    http://support.microsoft.com/kb/956196/en-us
    You receive an error message in Internet Explorer: "Internet Explorer cannot display the webpage"

    thread:
    http://www.windowsbbs.com/other-software/94113-bluetooth-needed-compaq-nx5000-windows-xp.html?highlight=bluetooth+needed+Compaq+nx5000



    Logs attach.txt
    ===============
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/15/2008 2:19:57 PM
    System Uptime: 8/15/2010 7:55:03 AM (2 hours ago)

    Motherboard: Hewlett-Packard | | 08BC
    Processor: Intel(R) Pentium(R) M processor 1500MHz | U10 | 239/100mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 19 GiB total, 14.238 GiB free.
    D: is FIXED (NTFS) - 28 GiB total, 13.075 GiB free.
    E: is FIXED (NTFS) - 28 GiB total, 14.409 GiB free.
    F: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP30: 6/20/2010 8:45:05 PM - System Checkpoint
    RP31: 7/3/2010 10:05:30 PM - System Checkpoint
    RP32: 7/11/2010 10:50:28 PM - System Checkpoint
    RP33: 7/17/2010 10:04:14 PM - Unsigned driver install
    RP34: 7/19/2010 1:49:21 PM - Installed Bluetooth by hp
    RP35: 7/21/2010 11:26:54 PM - System Checkpoint
    RP36: 7/25/2010 12:37:13 PM - System Checkpoint
    RP37: 8/5/2010 11:16:15 PM - System Checkpoint
    RP38: 8/7/2010 6:47:03 PM - System Checkpoint

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Photoshop 7.0
    Adobe Reader 8
    Agere Systems AC'97 Modem
    Bluetooth by hp
    Broadcom 440x 10/100 Integrated Controller
    CE100 Dialer
    DVD Suite
    EditPlus 3
    Google Talk (remove only)
    Hotfix for Windows XP (KB915865)
    Idea Net Setter
    Intel(R) Extreme Graphics 2 Driver
    Java Platform, Enterprise Edition 5 SDK
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Mozilla Firefox (3.5.3)
    Nero 7 Essentials
    PowerDVD
    Quick Heal Firewall Pro
    Quick Heal Total Security
    RealPlayer
    SoundMAX
    Texas Instruments PCIxx20 drivers.
    TIPCIxx20
    WebFldrs XP
    Winamp (remove only)
    Windows Internet Explorer 7
    Windows Media Format Runtime
    WinZip
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========

    8/13/2010 1:22:20 AM, error: Service Control Manager [7023] - The Windows Server service terminated with the following error: A dynamic link library (DLL) initialization routine failed.

    ==== End Of File ===========================
     
    Last edited: 2010/08/21
  6. 2010/08/21
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Please go to Jotti's or to virustotal and have this file scanned. Post the results back here.

    c:\windows\system32\urqytibl.dll

    =========

    To add the url you need the actual site address. When you open the page you are referencing, right click on it and save the link. Paste it here.
     
  7. 2010/08/22
    goodwill

    goodwill Inactive Thread Starter

    Joined:
    2010/07/18
    Messages:
    12
    Likes Received:
    0
  8. 2010/08/26
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Sorry for the delay. Not sure how I managed to let you slip through :(.

    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!
     
  9. 2010/08/29
    goodwill

    goodwill Inactive Thread Starter

    Joined:
    2010/07/18
    Messages:
    12
    Likes Received:
    0
    logs combofix.txt
    ====================

    ComboFix 10-08-27.03 - Verma 08/29/2010 9:35.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.247.111 [GMT 5.5:30]
    Running from: c:\documents and settings\Verma\Desktop\ComboFix.exe
    AV: Total Security 9.50 *On-access scanning disabled* (Outdated) {05C1329D-F0E0-4B19-9D15-54F9BC3ADE87}
    FW: Quick Heal Firewall Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\Verma\LOCALS~1\Temp\tmp2.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))
    .

    2010-08-22 05:34 . 2010-08-22 05:34 -------- d-----w- c:\documents and settings\Verma\Local Settings\Application Data\Identities
    2010-08-12 03:32 . 2010-08-25 15:07 452104 ----a-w- c:\documents and settings\Verma\Application Data\Real\Update\setup3.12\setup.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-19 08:19 . 2010-07-19 08:19 -------- d-----w- c:\program files\WIDCOMM
    2010-07-19 08:16 . 2010-07-19 08:07 -------- d-----w- c:\program files\Supprot software for Bluetooth by HP
    2010-07-04 15:48 . 2010-06-20 13:46 439816 ----a-w- c:\documents and settings\Verma\Application Data\Real\Update\setup3.10\setup.exe
    2009-09-13 11:49 . 2009-09-13 11:49 8067224 ----a-w- c:\program files\Firefox Setup 3.5.3.exe
    2009-09-13 07:27 . 2009-09-13 07:26 1962544 ----a-w- c:\program files\install_flash_player_ax.exe
    2009-01-09 16:06 . 2009-01-09 16:06 1606064 ----a-w- c:\program files\googletalk-setup.exe
    2004-08-04 08:56 . 2004-08-04 08:56 166425 --sha-r- c:\windows\system32\urqytibl.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
    "Yahoo! Pager "= "c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 4670968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
    "AGRSMMSG "= "AGRSMMSG.exe" [2005-04-19 88209]
    "WinampAgent "= "c:\program files\Winamp\Winampa.exe" [2001-10-02 10752]
    "NeroFilterCheck "= "c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "RemoteControl "= "c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
    "LanguageShortcut "= "c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-16 180269]
    "googletalk "= "c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "Email Protection "= "c:\progra~1\QUICKH~1\QUICKH~2\EMLPROUI.EXE" [2009-08-09 275840]
    "On-Line Protection "= "c:\progra~1\QUICKH~1\QUICKH~2\CATEYE.EXE" [2009-08-09 206208]
    "Startup Scan "= "c:\progra~1\QUICKH~1\QUICKH~2\sensor.exe" [2009-08-09 144768]
    "Quick Heal Firewall Pro "= "c:\program files\Cat Computer\Quick Heal Firewall Pro\qhfw.exe" [2007-04-06 87040]
    "HaierDcService "= "c:\program files\CE100 Dialer\Driver\HaierDcService.exe" [2009-05-20 95232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Startup Scan "= "c:\progra~1\QUICKH~1\QUICKH~2\sensor.exe" [2009-08-09 144768]

    c:\documents and settings\Verma\Start Menu\Programs\Startup\
    SDK Tray Menu.lnk - c:\program files\Sun\SDK\jdk\bin\javaw.exe [2010-2-13 53346]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-9-15 113664]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
    Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-10-19 565309]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6832:TCP "= 6832:TCP:yxdblj

    R0 ScreenNT;ScreenNT;c:\windows\system32\drivers\SCREENNT.SYS [8/9/2009 1:00 PM 19968]
    R1 VFILT;Quick Heal Kernel Driver;c:\program files\Cat Computer\Quick Heal Firewall Pro\Kernel\filtnt.sys [8/9/2009 1:03 PM 125248]
    R2 EMLSS;EMLSS;c:\windows\system32\drivers\EMLTDI.SYS [8/9/2009 1:00 PM 12168]
    R2 OnlineNT;OnlineNT;c:\progra~1\QUICKH~1\QUICKH~2\ONLINENT.SYS [8/9/2009 1:00 PM 39680]
    R2 Quick Heal Total Security Mail Protection;Quick Heal Total Security Mail Protection;c:\progra~1\QUICKH~1\QUICKH~2\EMLPROXY.EXE [8/9/2009 1:00 PM 50560]
    R2 Quick Update Service;Quick Update Service;c:\progra~1\QUICKH~1\QUICKH~2\quhlpsvc.exe [8/9/2009 1:00 PM 58752]
    R3 wirelessusbser;Wireless USB Device for Legacy Serial Communication;c:\windows\system32\drivers\3GDatausbser.sys [3/27/2010 1:03 PM 102656]
    S2 Startup Handler;Quick Heal Total Security Startup Handler;c:\progra~1\QUICKH~1\QUICKH~2\strtsvc.exe [8/9/2009 1:00 PM 54656]
    S2 ygdvq;Windows Server;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 2:26 PM 14336]
    S3 ADBLOCK.DLL;Quick Heal PlugIn (ADBLOCK.DLL);c:\program files\Cat Computer\Quick Heal Firewall Pro\Kernel\adblock.dll [8/9/2009 1:02 PM 33600]
    S3 ARP.DLL;Quick Heal PlugIn (ARP.DLL);c:\program files\Cat Computer\Quick Heal Firewall Pro\Kernel\arp.dll [8/9/2009 1:02 PM 17440]
    S3 CONTENT.DLL;Quick Heal PlugIn (CONTENT.DLL);c:\program files\Cat Computer\Quick Heal Firewall Pro\Kernel\content.dll [8/9/2009 1:02 PM 4896]
    S3 DNSCACHE.DLL;Quick Heal PlugIn (DNSCACHE.DLL);c:\program files\Cat Computer\Quick Heal Firewall Pro\Kernel\dnscache.dll [8/9/2009 1:02 PM 14304]
    S3 FTPFILT.DLL;Quick Heal PlugIn (FTPFILT.DLL);c:\program files\Cat Computer\Quick Heal Firewall Pro\Kernel\ftpfilt.dll [8/9/2009 1:03 PM 9024]
    S3 HTMLFILT.DLL;Quick Heal PlugIn (HTMLFILT.DLL);c:\program files\Cat Computer\Quick Heal Firewall Pro\Kernel\htmlfilt.dll [8/9/2009 1:03 PM 11552]
    S3 HTTPFILT.DLL;Quick Heal PlugIn (HTTPFILT.DLL);c:\program files\Cat Computer\Quick Heal Firewall Pro\Kernel\httpfilt.dll [8/9/2009 1:03 PM 13248]
    S3 IMAPFILT.DLL;Quick Heal PlugIn (IMAPFILT.DLL);c:\program files\Cat Computer\Quick Heal Firewall Pro\Kernel\imapfilt.dll [8/9/2009 1:03 PM 7200]
    S3 MAILFILT.DLL;Quick Heal PlugIn (MAILFILT.DLL);c:\program files\Cat Computer\Quick Heal Firewall Pro\Kernel\mailfilt.dll [8/9/2009 1:03 PM 14912]
    S3 NNTPFILT.DLL;Quick Heal PlugIn (NNTPFILT.DLL);c:\program files\Cat Computer\Quick Heal Firewall Pro\Kernel\nntpfilt.dll [8/9/2009 1:03 PM 6752]
    S3 POP3FILT.DLL;Quick Heal PlugIn (POP3FILT.DLL);c:\program files\Cat Computer\Quick Heal Firewall Pro\Kernel\pop3filt.dll [8/9/2009 1:03 PM 9984]
    S3 PROTECT.DLL;Quick Heal PlugIn (PROTECT.DLL);c:\program files\Cat Computer\Quick Heal Firewall Pro\Kernel\protect.dll [8/9/2009 1:03 PM 16960]
    S3 SECRET.DLL;Quick Heal PlugIn (SECRET.DLL);c:\program files\Cat Computer\Quick Heal Firewall Pro\Kernel\secret.dll [8/9/2009 1:03 PM 9696]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ygdvq
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    FF - ProfilePath - c:\documents and settings\Verma\Application Data\Mozilla\Firefox\Profiles\xu0dcf7g.default\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-29 09:46
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ygdvq]
    "ServiceDll "= "c:\windows\system32\urqytibl.dll "
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\progra~1\QUICKH~1\QUICKH~2\scanwscs.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\AGRSMMSG.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
    c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2010-08-29 09:49:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-08-29 04:19

    Pre-Run: 15,412,006,912 bytes free
    Post-Run: 15,708,422,144 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - C38096086FB133299C1F20DDA1C11C88

    ======================================

    I would also like to inform you that my anti-virus is out of date. Can you also suggest which free anti-virus I can download that would suit my system requirements?
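The ComboFix log in this post contains, scattered across several sections, the pieces that together identify the infection: a service named ygdvq with the display name "Windows Server", hosted by svchost.exe -k netsvcs, listed under the Svchost NetSvcs group, whose ServiceDll is c:\windows\system32\urqytibl.dll; the Find3M report shows that file with system+hidden+read-only attributes (--sha-r-) and a 2004 timestamp; and the firewall policy has a globally open port 6832/TCP labelled yxdblj. (The Attach.txt Event Viewer line about "The Windows Server service" failing to initialize its DLL matches the same fake display name.) The Python script below is an added example written for this thread, not part of the original posts nor of the DDS or ComboFix tools: it parses those log line formats and correlates them into findings. The sample lines are copied from the logs posted here plus one constructed benign control service (wuauserv) that should not be flagged; the regular expressions, severity levels and reason strings are assumptions of this example.

```python
"""Correlate DDS / ComboFix log lines into findings about svchost-hosted services.

Added example for the thread above (not DDS or ComboFix code). The regexes
follow the line layouts visible in the posted logs; they are assumptions.
"""
import re

# Constructed sample: indicator lines copied from the posted logs, plus one
# constructed benign control service (wuauserv) that must NOT be flagged.
SAMPLE_LOG = r"""
2004-08-04 08:56 . 2004-08-04 08:56 166425 --sha-r- c:\windows\system32\urqytibl.dll
2010-07-19 08:19 . 2010-07-19 08:19 -------- d-----w- c:\program files\WIDCOMM
2004-08-04 08:56:44 9999 ----a-w- c:\windows\system32\wuauserv.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6832:TCP "= 6832:TCP:yxdblj
R2 EMLSS;EMLSS;c:\windows\system32\drivers\EMLTDI.SYS [8/9/2009 1:00 PM 12168]
R2 wuauserv;Automatic Updates;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 2:26 PM 14336]
S2 ygdvq;Windows Server;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 2:26 PM 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ygdvq
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ygdvq]
"ServiceDll "= "c:\windows\system32\urqytibl.dll "
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"= "c:\windows\system32\wuauserv.dll"
"""

# "S2 name;display name;image path [timestamp size]"
SERVICE_RE = re.compile(r'^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s+\[')
# "[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\<name>]"
SERVICES_KEY_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\\\]]+)\]$', re.I)
# '"ServiceDll "= "path "'  (stray spaces inside the quotes are tolerated)
SERVICEDLL_RE = re.compile(r'^"ServiceDll\s*"\s*=\s*"\s*([^"]*?)\s*"$', re.I)
# DDS "date time size attrs path" and ComboFix "date . date size attrs path"
FILE_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})? '
    r'(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+?)\s*$')
# '"6832:TCP "= 6832:TCP:label'
OPEN_PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)\s*"\s*=\s*(\d+):(TCP|UDP):(\S*)', re.I)
NETSVCS_HDR_RE = re.compile(r'\\Svchost\s*-\s*NetSvcs$', re.I)


def analyze(log_text):
    """Return a list of finding dicts built from the correlated log lines."""
    svchost_services = {}   # service name -> (display name, image path)
    netsvcs = set()         # names listed under the Svchost NetSvcs group
    service_dlls = {}       # service name -> ServiceDll path (lower-cased)
    file_attrs = {}         # file path (lower-cased) -> attribute field
    open_ports = []         # (port, proto, label)
    current_key = None
    in_netsvcs = False

    for raw in log_text.splitlines():
        line = raw.strip()
        if in_netsvcs:
            # group members are bare names, one per line, until '.' or a new key
            if line and not line.startswith(('.', '[')) and ' ' not in line:
                netsvcs.add(line)
                continue
            in_netsvcs = False
        if NETSVCS_HDR_RE.search(line):
            in_netsvcs = True
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, display, image = m.group(3), m.group(4), m.group(5)
            if 'svchost.exe' in image.lower() and '-k' in image.lower():
                svchost_services[name] = (display, image)
            continue
        m = SERVICES_KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if line.startswith('['):
            current_key = None      # some other registry key section
            continue
        m = SERVICEDLL_RE.match(line)
        if m and current_key:
            service_dlls[current_key] = m.group(1).lower()
            continue
        m = FILE_RE.match(line)
        if m:
            file_attrs[m.group('path').lower()] = m.group('attrs')
            continue
        m = OPEN_PORT_RE.match(line)
        if m:
            open_ports.append((int(m.group(3)), m.group(4).upper(), m.group(5)))

    findings = []
    for name, (display, image) in sorted(svchost_services.items()):
        dll = service_dlls.get(name)
        attrs = file_attrs.get(dll, '') if dll else ''
        reasons = []
        if name in netsvcs:
            reasons.append('service name is listed in the Svchost NetSvcs group')
        if dll and 's' in attrs and 'h' in attrs:
            reasons.append('ServiceDll %s carries system+hidden attributes (%s)' % (dll, attrs))
        if not reasons:
            continue            # e.g. the benign control service
        findings.append({'kind': 'service', 'service': name, 'display': display,
                         'image': image, 'dll': dll, 'reasons': reasons,
                         'severity': 'high' if len(reasons) == 2 else 'medium'})
    for port, proto, label in open_ports:
        findings.append({'kind': 'open_port', 'port': port, 'proto': proto, 'label': label,
                         'severity': 'review',
                         'reasons': ['port is globally open in the firewall policy, labelled '
                                     '"%s"; verify which program registered it' % label]})
    return findings


if __name__ == '__main__':
    for f in analyze(SAMPLE_LOG):
        print('[%s] %s' % (f['severity'], f.get('service') or '%s/%s' % (f['port'], f['proto'])))
        for r in f['reasons']:
            print('    - ' + r)
```

Run against the sample, the script reports ygdvq as high severity (both correlations hit) and the open port for review, while the control service and the Quick Heal driver lines produce nothing; on a full DDS or ComboFix log the same correlation would surface any other svchost-hosted service whose DLL hides with system+hidden attributes.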
     
  10. 2010/08/29
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Avast, Avira or Comodo are excellent, free anti-virus programs that would do well on your system.
    Make sure to uninstall the other one first.

    ----

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.
    2. Now copy/paste the entire content of the codebox below into the Notepad window:
    Code:
    
    FileLook::
    c:\windows\system32\urqytibl.dll
    
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Save the above as CFScript.txt

    4. Physically disconnect from the internet.

    5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

    6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [image: animation showing CFScript.txt being dragged onto ComboFix.exe]


    7. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
    • Combofix.txt
    Please take note:

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
     
  11. 2010/09/10
    goodwill

    goodwill Inactive Thread Starter

    Joined:
    2010/07/18
    Messages:
    12
    Likes Received:
    0
    logs combofix.txt
    ===============

    ComboFix 10-09-09.04 - Verma 09/10/2010 17:53:21.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.247.79 [GMT 5.5:30]
    Running from: c:\documents and settings\Verma\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Verma\Desktop\CFScript.txt
    AV: Total Security 9.50 *On-access scanning disabled* (Outdated) {05C1329D-F0E0-4B19-9D15-54F9BC3ADE87}
    FW: Quick Heal Firewall Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\urqytibl.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_ygdvq
    -------\Service_ygdvq


    ((((((((((((((((((((((((( Files Created from 2010-08-10 to 2010-09-10 )))))))))))))))))))))))))))))))
    .

    2010-09-10 11:17 . 2010-09-10 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Metacafe
    2010-09-10 10:24 . 2010-09-10 10:24 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{594C1107-FD6F-4F1E-B848-65C41B98BECC}
    2010-09-10 10:23 . 2010-09-10 10:23 -------- d-----w- c:\documents and settings\Verma\Local Settings\Application Data\PackageAware
    2010-09-10 10:09 . 2010-09-10 10:09 -------- d-----w- c:\documents and settings\Verma\Application Data\PlayerPlug
    2010-09-10 10:09 . 2010-09-10 10:09 -------- d-----w- c:\documents and settings\Verma\Application Data\PropMgrAsync
    2010-09-10 10:08 . 2010-09-10 10:08 -------- d-----w- c:\documents and settings\Verma\Application Data\Toolbar4
    2010-08-29 04:34 . 2010-08-29 04:34 -------- d-----w- c:\program files\Cat Computer
    2010-08-29 04:32 . 2010-08-29 04:32 19968 ----a-w- c:\windows\system32\drivers\SCREENNT.SYS
    2010-08-29 04:32 . 2010-08-29 04:32 39680 ----a-w- c:\windows\system32\drivers\ONLINENT.SYS
    2010-08-29 04:32 . 2010-08-29 04:32 12168 ----a-w- c:\windows\system32\drivers\EMLTDI.SYS
    2010-08-22 05:34 . 2010-08-22 05:34 -------- d-----w- c:\documents and settings\Verma\Local Settings\Application Data\Identities
    2010-08-12 03:32 . 2010-09-10 08:52 452104 ----a-w- c:\documents and settings\Verma\Application Data\Real\Update\setup3.12\setup.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-29 04:32 . 2008-09-15 12:24 -------- d-----w- c:\program files\Quick Heal
    2010-07-19 08:19 . 2010-07-19 08:19 -------- d-----w- c:\program files\WIDCOMM
    2010-07-19 08:16 . 2010-07-19 08:07 -------- d-----w- c:\program files\Supprot software for Bluetooth by HP
    2010-07-04 15:48 . 2010-06-20 13:46 439816 ----a-w- c:\documents and settings\Verma\Application Data\Real\Update\setup3.10\setup.exe
    2009-09-13 11:49 . 2009-09-13 11:49 8067224 ----a-w- c:\program files\Firefox Setup 3.5.3.exe
    2009-09-13 07:27 . 2009-09-13 07:26 1962544 ----a-w- c:\program files\install_flash_player_ax.exe
    2009-01-09 16:06 . 2009-01-09 16:06 1606064 ----a-w- c:\program files\googletalk-setup.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-08-29_04.15.56 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2001-08-24 01:30 . 2010-08-29 03:36 40394 c:\windows\system32\perfc009.dat
    + 2001-08-24 01:30 . 2010-09-10 08:53 40394 c:\windows\system32\perfc009.dat
    + 2001-08-24 01:30 . 2010-09-10 08:53 312172 c:\windows\system32\perfh009.dat
    - 2001-08-24 01:30 . 2010-08-29 03:36 312172 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
    "Yahoo! Pager "= "c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 4670968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
    "AGRSMMSG "= "AGRSMMSG.exe" [2005-04-19 88209]
    "WinampAgent "= "c:\program files\Winamp\Winampa.exe" [2001-10-02 10752]
    "NeroFilterCheck "= "c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "RemoteControl "= "c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
    "LanguageShortcut "= "c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-16 180269]
    "googletalk "= "c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "HaierDcService "= "c:\program files\CE100 Dialer\Driver\HaierDcService.exe" [2009-05-20 95232]
    "Email Protection "= "c:\progra~1\QUICKH~1\QUICKH~2\EMLPROUI.EXE" [2010-08-29 275840]
    "Update Scheduler "= "c:\progra~1\QUICKH~1\QUICKH~2\UPSCHD.EXE" [2010-08-29 95616]
    "On-Line Protection "= "c:\progra~1\QUICKH~1\QUICKH~2\CATEYE.EXE" [2010-08-29 206208]
    "Startup Scan "= "c:\progra~1\QUICKH~1\QUICKH~2\sensor.exe" [2010-08-29 144768]
    "Quick Heal Firewall Pro "= "c:\program files\Cat Computer\Quick Heal Firewall Pro\qhfw.exe" [2007-04-06 87040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Startup Scan "= "c:\progra~1\QUICKH~1\QUICKH~2\sensor.exe" [2010-08-29 144768]

    c:\documents and settings\Verma\Start Menu\Programs\Startup\
    SDK Tray Menu.lnk - c:\program files\Sun\SDK\jdk\bin\javaw.exe [2010-2-13 53346]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-9-15 113664]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
    Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-10-19 565309]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6832:TCP "= 6832:TCP:yxdblj

    R0 ScreenNT;ScreenNT;c:\windows\system32\drivers\SCREENNT.SYS [8/29/2010 10:02 AM 19968]
    R1 VFILT;Quick Heal Kernel Driver;c:\program files\Cat Computer\Quick Heal Firewall Pro\Kernel\filtnt.sys [8/29/2010 10:04 AM 125248]
    R2 EMLSS;EMLSS;c:\windows\system32\drivers\EMLTDI.SYS [8/29/2010 10:02 AM 12168]
    R2 OnlineNT;OnlineNT;c:\progra~1\QUICKH~1\QUICKH~2\ONLINENT.SYS [8/29/2010 10:02 AM 39680]
    R2 Quick Heal Total Security Mail Protection;Quick Heal Total Security Mail Protection;c:\progra~1\QUICKH~1\QUICKH~2\EMLPROXY.EXE [8/29/2010 10:02 AM 50560]
    R2 Quick Update Service;Quick Update Service;c:\progra~1\QUICKH~1\QUICKH~2\quhlpsvc.exe [8/29/2010 10:02 AM 58752]
    R3 ADBLOCK.DLL;Quick Heal PlugIn (ADBLOCK.DLL);c:\program files\Cat Computer\Quick Heal Firewall Pro\Kernel\adblock.dll [8/29/2010 10:04 AM 33600]
    R3 ARP.DLL;Quick Heal PlugIn (ARP.DLL);c:\program files\Cat Computer\Quick Heal Firewall Pro\Kernel\arp.dll [8/29/2010 10:04 AM 17440]
    R3 CONTENT.DLL;Quick Heal PlugIn (CONTENT.DLL);c:\program files\Cat Computer\Quick Heal Firewall Pro\Kernel\content.dll [8/29/2010 10:04 AM 4896]
    R3 DNSCACHE.DLL;Quick Heal PlugIn (DNSCACHE.DLL);c:\program files\Cat Computer\Quick Heal Firewall Pro\Kernel\dnscache.dll [8/29/2010 10:04 AM 14304]
    R3 FTPFILT.DLL;Quick Heal PlugIn (FTPFILT.DLL);c:\program files\Cat Computer\Quick Heal Firewall Pro\Kernel\ftpfilt.dll [8/29/2010 10:04 AM 9024]
    R3 HTMLFILT.DLL;Quick Heal PlugIn (HTMLFILT.DLL);c:\program files\Cat Computer\Quick Heal Firewall Pro\Kernel\htmlfilt.dll [8/29/2010 10:04 AM 11552]
    R3 HTTPFILT.DLL;Quick Heal PlugIn (HTTPFILT.DLL);c:\program files\Cat Computer\Quick Heal Firewall Pro\Kernel\httpfilt.dll [8/29/2010 10:04 AM 13248]
    R3 IMAPFILT.DLL;Quick Heal PlugIn (IMAPFILT.DLL);c:\program files\Cat Computer\Quick Heal Firewall Pro\Kernel\imapfilt.dll [8/29/2010 10:04 AM 7200]
    R3 MAILFILT.DLL;Quick Heal PlugIn (MAILFILT.DLL);c:\program files\Cat Computer\Quick Heal Firewall Pro\Kernel\mailfilt.dll [8/29/2010 10:04 AM 14912]
    R3 NNTPFILT.DLL;Quick Heal PlugIn (NNTPFILT.DLL);c:\program files\Cat Computer\Quick Heal Firewall Pro\Kernel\nntpfilt.dll [8/29/2010 10:04 AM 6752]
    R3 POP3FILT.DLL;Quick Heal PlugIn (POP3FILT.DLL);c:\program files\Cat Computer\Quick Heal Firewall Pro\Kernel\pop3filt.dll [8/29/2010 10:04 AM 9984]
    R3 PROTECT.DLL;Quick Heal PlugIn (PROTECT.DLL);c:\program files\Cat Computer\Quick Heal Firewall Pro\Kernel\protect.dll [8/29/2010 10:04 AM 16960]
    R3 SECRET.DLL;Quick Heal PlugIn (SECRET.DLL);c:\program files\Cat Computer\Quick Heal Firewall Pro\Kernel\secret.dll [8/29/2010 10:04 AM 9696]
    R3 wirelessusbser;Wireless USB Device for Legacy Serial Communication;c:\windows\system32\drivers\3GDatausbser.sys [3/27/2010 1:03 PM 102656]
    S2 Startup Handler;Quick Heal Total Security Startup Handler;c:\progra~1\QUICKH~1\QUICKH~2\strtsvc.exe [8/29/2010 10:02 AM 54656]
    S2 ygdvq;Windows Server;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 2:26 PM 14336]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ygdvq
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    FF - ProfilePath - c:\documents and settings\Verma\Application Data\Mozilla\Firefox\Profiles\xu0dcf7g.default\
    FF - prefs.js: browser.search.selectedEngine - Google Customized Web Search
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-10 18:05
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ygdvq]
    "ServiceDll "= "c:\windows\system32\urqytibl.dll "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1088)
    c:\windows\system32\CLBCATQ.DLL
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\progra~1\QUICKH~1\QUICKH~2\ONLNSVC.EXE
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\progra~1\QUICKH~1\QUICKH~2\scanwscs.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\AGRSMMSG.exe
    c:\windows\system32\wscntfy.exe
    c:\progra~1\QUICKH~1\QUICKH~2\OnlineNT.EXE
    c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
    .
    **************************************************************************
    .
    Completion time: 2010-09-10 18:10:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-09-10 12:39
    ComboFix2.txt 2010-08-29 04:19

    Pre-Run: 15,183,831,040 bytes free
    Post-Run: 15,579,672,576 bytes free

    - - End Of File - - C3913C32E39B4F76321B10A2EEBFB780
  12. 2010/09/10
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    How are things now?

    Please run the ESET Online Scanner and post the ScanLog with your post for assistance.
    • You will need to use Internet Explorer to complete this scan.
    • You will need to temporarily disable your current anti-virus program.
    • Be sure the option to Remove found threats is unchecked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is checked.
    • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

    NOTE: If you are unable to complete the ESET scan, please try another from the list below:
