WiredWX Christian Hobby Weather Tools
Win32/Nuqel.E virus
For a couple of days now I have had pop-ups regarding the virus. When I downloaded "hijackthis" and then tried to open it, I got the error message "Application cannot be executed. The file is infected". I get this when trying to access my email or open other programs. Also, my printers are wiped out. It's telling me something about the spoolsv.exe file being corrupted.
Please help.

Re: Win32/Nuqel.E virus
Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Win32/Nuqel.E virus
Thanks for the prompt response.
I downloaded the OTL, but couldn't run it. I got the same message as before: "Application cannot be executed. The file is infected...." I receive this error crap when I try to run other programs as well. On top of that, I have frequent pop-ups with viagra and porno sites.
It's BAD!!!!!!!
Any ideas?

Re: Win32/Nuqel.E virus
Hello.

I suggest you copy these instructions into a notepad file, because we need to use safe mode and you won't have internet access to read from here.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

Run OTL in Safe Mode.


Re: Win32/Nuqel.E virus
I managed to do the scan after all. I simply turned off the printers (yesterday it showed me that there is a problem with spoolsv.exe file), and did the scan. Below are the two files you mentioned:
OTL Extras logfile created on: 1/19/2010 12:42:21 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\fasdf\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 146.00 Mb Available Physical Memory | 29.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 0.65 Gb Free Space | 1.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MEEP
Current User Name: fasdf
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3724:UDP" = 3724:UDP:*:Enabled:blizzard

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Yvonne\Gunbound\ENGLISH\Gunbound Revolution\GunBound.gme" = C:\Yvonne\Gunbound\ENGLISH\Gunbound Revolution\GunBound.gme:*:Enabled:GunBound -- File not found
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Documents and Settings\fasdf\Desktop\wowclient-downloader.exe" = C:\Documents and Settings\fasdf\Desktop\wowclient-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Documents and Settings\fasdf\Desktop\WoW-BurningCrusade-enUS-Installer-downloader.exe" = C:\Documents and Settings\fasdf\Desktop\WoW-BurningCrusade-enUS-Installer-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe" = C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe:*:Enabled:RingCentral Call Controller -- (RingCentral, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{19101D18-3750-461A-A867-C4BCFA83AE79}" = PetraPro
"{21C6159B-2802-4E17-979F-347374769EC9}" = COMODO livePCsupport
"{2CC982C0-7EAE-11D4-ACC3-0050568AD318}" = Art Explosion Label Factory Deluxe
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{41FB67AA-7DE5-4608-84DE-EBFFF4931B70}" = ATI Catalyst Control Center
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{50BD0B15-5197-4EAF-8BCD-81117D1324B1}" = Family Tree Heritage Collaboration Support
"{51D382E1-5631-11D5-9D1C-00010239438D}" = TraxPro
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{734BB64A-5A3D-4624-867D-6358B7068496}" = Sound Blaster Live! 24-bit
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{98029732-5077-4E54-8A52-E03768126E43}" = PAC7302
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{BEF106F8-2689-4530-925A-E1117836E8CD}" = Google SketchUp 7
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DAD36D74-C78A-4753-84DB-13FBB4FEA65C}" = PhotoStudio Expressions
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Family Tree Heritage" = Family Tree Heritage
"Google Updater" = Google Updater
"Hitman 2: Silent Assassin" = Hitman 2: Silent Assassin
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{50BD0B15-5197-4EAF-8BCD-81117D1324B1}" = Family Tree Heritage Collaboration Support
"InstallShield_{98029732-5077-4E54-8A52-E03768126E43}" = PAC7302
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"JAMAR TAS for Windows" = JAMAR TAS for Windows
"LimeWire" = LimeWire 5.2.13
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Macromedia FreeHand 9" = Macromedia FreeHand 9
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PDF-XChange 3_is1" = PDF-XChange 3
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RingCentral" = RingCentral Call Controller
"Spyware Doctor" = Spyware Doctor 7.0
"SysInfo" = Creative System Information
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/7/2009 5:11:28 AM | Computer Name = MEEP | Source = MSN Explorer Error Reporting | ID = 1000
Description =

Error - 2/13/2009 3:43:16 PM | Computer Name = MEEP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module mvmediaplayer.dll, version 1.0.1.39, fault address 0x0004b7bf.

Error - 2/13/2009 7:16:16 PM | Computer Name = MEEP | Source = Application Hang | ID = 1002
Description = Hanging application PETRAPro.exe, version 1.5.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/13/2009 7:16:16 PM | Computer Name = MEEP | Source = Application Hang | ID = 1002
Description = Hanging application PETRAPro.exe, version 1.5.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/13/2009 7:16:16 PM | Computer Name = MEEP | Source = Application Hang | ID = 1002
Description = Hanging application PETRAPro.exe, version 1.5.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/13/2009 7:17:29 PM | Computer Name = MEEP | Source = Application Hang | ID = 1002
Description = Hanging application PETRAPro.exe, version 1.5.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/13/2009 7:17:29 PM | Computer Name = MEEP | Source = Application Hang | ID = 1002
Description = Hanging application PETRAPro.exe, version 1.5.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/13/2009 7:17:29 PM | Computer Name = MEEP | Source = Application Hang | ID = 1002
Description = Hanging application PETRAPro.exe, version 1.5.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/13/2009 7:17:29 PM | Computer Name = MEEP | Source = Application Hang | ID = 1002
Description = Hanging application PETRAPro.exe, version 1.5.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/13/2009 7:17:29 PM | Computer Name = MEEP | Source = Application Hang | ID = 1002
Description = Hanging application PETRAPro.exe, version 1.5.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 9/10/2009 12:34:29 PM | Computer Name = MEEP | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 9/20/2009 11:04:40 AM | Computer Name = MEEP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 000CF19BF697 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 9/20/2009 11:04:54 AM | Computer Name = MEEP | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 9/22/2009 12:21:40 PM | Computer Name = MEEP | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 9/24/2009 1:21:06 AM | Computer Name = MEEP | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 9/24/2009 1:26:27 AM | Computer Name = MEEP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 000CF19BF697 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 9/24/2009 1:26:41 AM | Computer Name = MEEP | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 9/24/2009 1:01:55 PM | Computer Name = MEEP | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 9/24/2009 9:34:17 PM | Computer Name = MEEP | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 9/30/2009 9:50:46 PM | Computer Name = MEEP | Source = ati2mtag | ID = 45062
Description = CRT invalid display type


< End of report >

HERE IS THE OTHER FILE

OTL logfile created on: 1/19/2010 12:42:21 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\fasdf\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 146.00 Mb Available Physical Memory | 29.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 0.65 Gb Free Space | 1.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MEEP
Current User Name: fasdf
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/19 12:41:56 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fasdf\My Documents\Downloads\OTL(4).exe
PRC - [2010/01/17 00:10:35 | 00,429,056 | ---- | M] () -- C:\Documents and Settings\fasdf\Local Settings\Application Data\vtvnym\vxvgsysguard.exe
PRC - [2009/12/22 09:41:29 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/18 14:00:00 | 00,495,432 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/10/30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/05 00:54:42 | 00,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/05/04 13:17:18 | 00,479,232 | ---- | M] (RingCentral, Inc.) -- C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
PRC - [2009/02/11 18:31:20 | 00,032,768 | ---- | M] (RingCentral, Inc.) -- C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/14 04:42:30 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/14 04:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 11:01:16 | 00,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC7302\Monitor.exe


========== Modules (SafeList) ==========

MOD - [2010/01/19 12:41:56 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fasdf\My Documents\Downloads\OTL(4).exe
MOD - [2009/02/11 18:29:52 | 00,073,728 | ---- | M] (RingCentral, Inc.) -- C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKeyHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Spooler)
SRV - [2009/10/30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdauxservice)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/03/17 20:04:01 | 00,138,680 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/09/29 02:56:34 | 00,483,328 | ---- | M] (ATI Technologies Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/12/20 20:05:00 | 00,520,192 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/11/09 11:20:12 | 00,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/02/17 11:19:44 | 00,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2008/08/20 09:58:58 | 00,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/08/04 23:32:15 | 00,160,792 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctfw2.sys -- (pctfw2)
DRV - [2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/31 14:09:14 | 00,030,464 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2007/09/29 03:06:00 | 02,456,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/06/14 18:34:00 | 00,457,856 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007/04/11 14:33:06 | 00,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 14:32:58 | 00,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 14:32:52 | 00,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/04/11 14:32:38 | 00,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/04/11 14:32:30 | 00,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/01/19 02:17:38 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/01/18 21:44:46 | 00,053,248 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2004/10/15 11:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/06/04 00:27:46 | 00,840,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2003/09/21 16:48:06 | 00,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/21 16:47:38 | 00,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/09/19 14:45:48 | 00,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/08/29 04:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/08/28 15:58:40 | 00,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/07/16 12:42:18 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/03/04 20:19:28 | 00,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Pfmodnt.sys -- (PfModNT)
DRV - [2003/03/04 12:56:26 | 00,145,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R)
DRV - [2001/08/22 08:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 05:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Winamp Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.87
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"


FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/10/15 09:37:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/17 11:19:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/15 09:55:06 | 00,000,000 | ---D | M]

[2009/08/11 23:41:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\fasdf\Application Data\Mozilla\Extensions
[2009/08/11 23:41:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\fasdf\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/19 10:59:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\fasdf\Application Data\Mozilla\Firefox\Profiles\tr4wvfsh.default\extensions
[2008/12/08 13:24:06 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\fasdf\Application Data\Mozilla\Firefox\Profiles\tr4wvfsh.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/01/11 18:27:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\fasdf\Application Data\Mozilla\Firefox\Profiles\tr4wvfsh.default\extensions\staged-xpis
[2009/12/11 15:49:07 | 00,009,949 | ---- | M] () -- C:\Documents and Settings\fasdf\Application Data\Mozilla\Firefox\Profiles\tr4wvfsh.default\searchplugins\mywebsearch.xml
[2010/01/11 18:26:39 | 00,001,201 | ---- | M] () -- C:\Documents and Settings\fasdf\Application Data\Mozilla\Firefox\Profiles\tr4wvfsh.default\searchplugins\winamp-search.xml
[2010/01/19 12:39:12 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2003/07/16 12:29:34 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [svrxrrvy] C:\Documents and Settings\fasdf\Local Settings\Application Data\vtvnym\vxvgsysguard.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKCU..\Run: [COMODO livePCsupport] File not found
O4 - HKCU..\Run: [RCHotKey] C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe (RingCentral, Inc.)
O4 - HKCU..\Run: [RCUI] C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe (RingCentral, Inc.)
O4 - HKCU..\Run: [svrxrrvy] C:\Documents and Settings\fasdf\Local Settings\Application Data\vtvnym\vxvgsysguard.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: trafficdataonline.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {A0A1AF81-BD38-4980-9351-9D4FF712A02A} http://www.trafficdataonline.com/ActiveX/MiovisionActiveX.cab (MediaPlayerCtrl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab (HGPlugin9USA Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab (HGPlugin10USA Class)
O16 - DPF: {FF427A37-0AFD-408B-9F78-6EBC7B6D4A2C} http://www.trafficdataonline.com/SerialPortControl/ftspc.ocx (FabulaTech Serial Port Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134 68.87.76.178
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\fasdf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\fasdf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/14 21:13:09 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{42edbe9c-d227-11dd-a749-000cf19bf697}\Shell - "" = AutoRun
O33 - MountPoints2\{42edbe9c-d227-11dd-a749-000cf19bf697}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/19 12:32:56 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/01/19 11:20:55 | 00,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/01/19 11:20:52 | 00,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/01/19 11:20:52 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/01/19 11:20:37 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/01/19 11:20:27 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/19 10:47:05 | 00,083,024 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\iksyssec.sys
[2010/01/19 10:47:05 | 00,057,424 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\iksysflt.sys
[2010/01/19 10:47:05 | 00,053,840 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\ikfilesec.sys
[2010/01/19 10:47:05 | 00,029,264 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\kcom.sys
[2010/01/19 10:46:44 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/01/19 10:46:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\fasdf\Application Data\PC Tools
[2010/01/18 11:08:04 | 00,000,000 | ---D | C] -- C:\Program Files\RegGenie
[2010/01/17 11:12:45 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/01/17 11:10:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\fasdf\Application Data\Comodo
[2010/01/17 09:54:53 | 00,000,000 | ---D | C] -- C:\spoolerlogs
[2010/01/17 00:10:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\fasdf\Local Settings\Application Data\vtvnym
[2010/01/12 20:10:51 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/12 17:57:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\fasdf\My Documents\Downloads
[2010/01/10 11:37:10 | 08,087,352 | ---- | C] (Mozilla) -- C:\Documents and Settings\fasdf\Desktop\Firefox Setup 3.5.7.exe
[2009/12/23 19:29:16 | 38,820,344 | ---- | C] (Google) -- C:\Documents and Settings\fasdf\Desktop\GoogleSketchUpWEN.exe
[2009/07/22 02:00:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/10/02 10:19:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/10/02 10:19:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/10/02 10:19:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/01/09 17:20:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/01/15 20:01:42 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/19 12:39:11 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EF11A483-1DAE-45BF-8AFE-07281C1C6D8B}.job
[2010/01/19 12:35:58 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/19 12:35:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/19 12:35:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/19 12:34:40 | 07,340,032 | ---- | M] () -- C:\Documents and Settings\fasdf\NTUSER.DAT
[2010/01/19 12:34:40 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\fasdf\ntuser.ini
[2010/01/19 12:14:02 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/01/19 11:58:49 | 00,002,243 | ---- | M] () -- C:\Documents and Settings\fasdf\Desktop\PaperPort.lnk
[2010/01/19 10:52:21 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\fasdf\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/18 18:13:12 | 00,000,419 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/01/18 18:13:12 | 00,000,027 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2010/01/18 18:08:31 | 00,146,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/18 17:58:18 | 00,437,694 | ---- | M] () -- C:\Documents and Settings\fasdf\My Documents\registry entry 1.reg
[2010/01/18 17:48:11 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/18 11:28:13 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\fasdf\Local Settings\Application Data\housecall.guid.cache
[2010/01/18 11:26:47 | 00,001,310 | ---- | M] () -- C:\Documents and Settings\fasdf\My Documents\january 18.reg
[2010/01/18 11:20:52 | 00,000,616 | ---- | M] () -- C:\WINDOWS\RegGenie.ini
[2010/01/17 11:12:48 | 00,000,837 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO livePCsupport.lnk
[2010/01/15 09:55:07 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/01/13 03:03:51 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/12 18:02:10 | 00,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/01/12 18:02:10 | 00,001,660 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/01/12 11:26:15 | 00,000,113 | ---- | M] () -- C:\Documents and Settings\fasdf\Desktop\ProPublica News.URL
[2010/01/10 11:38:57 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/10 11:37:36 | 08,087,352 | ---- | M] (Mozilla) -- C:\Documents and Settings\fasdf\Desktop\Firefox Setup 3.5.7.exe
[2010/01/09 17:41:47 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/12/31 20:56:52 | 00,002,259 | ---- | M] () -- C:\Documents and Settings\fasdf\Desktop\Skype.lnk
[2009/12/23 19:29:48 | 38,820,344 | ---- | M] (Google) -- C:\Documents and Settings\fasdf\Desktop\GoogleSketchUpWEN.exe
[2009/12/21 11:45:09 | 00,000,084 | ---- | M] () -- C:\Documents and Settings\fasdf\Desktop\Polish-English.URL
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/19 12:14:02 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/01/19 11:20:55 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/01/19 11:20:52 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/01/19 11:20:52 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/01/19 11:20:37 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/01/18 17:58:18 | 00,437,694 | ---- | C] () -- C:\Documents and Settings\fasdf\My Documents\registry entry 1.reg
[2010/01/18 11:28:13 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\fasdf\Local Settings\Application Data\housecall.guid.cache
[2010/01/18 11:26:47 | 00,001,310 | ---- | C] () -- C:\Documents and Settings\fasdf\My Documents\january 18.reg
[2010/01/18 11:20:52 | 00,000,616 | ---- | C] () -- C:\WINDOWS\RegGenie.ini
[2010/01/18 11:08:04 | 00,161,816 | ---- | C] () -- C:\WINDOWS\RegGenieOnUninstall.exe
[2010/01/17 11:12:48 | 00,000,837 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO livePCsupport.lnk
[2010/01/15 09:55:07 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/01/12 18:02:10 | 00,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/01/12 18:02:10 | 00,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/01/12 11:26:15 | 00,000,113 | ---- | C] () -- C:\Documents and Settings\fasdf\Desktop\ProPublica News.URL
[2010/01/10 11:38:57 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/12/21 11:45:09 | 00,000,084 | ---- | C] () -- C:\Documents and Settings\fasdf\Desktop\Polish-English.URL
[2009/11/25 21:19:20 | 00,000,116 | ---- | C] () -- C:\WINDOWS\REDEMUNINS.INI
[2009/09/24 17:40:46 | 00,002,079 | ---- | C] () -- C:\Documents and Settings\fasdf\Application Data\9650_upload_log_0.txt
[2009/09/23 20:18:33 | 00,362,615 | ---- | C] () -- C:\Documents and Settings\fasdf\Application Data\9600_upload_log_1.txt
[2009/09/06 10:55:59 | 00,000,760 | ---- | C] () -- C:\Documents and Settings\fasdf\Application Data\setup_ldm.iss
[2009/06/02 19:09:27 | 00,236,386 | ---- | C] () -- C:\Documents and Settings\fasdf\Application Data\6709_upload_log_0.txt
[2009/03/26 22:02:01 | 00,000,287 | ---- | C] () -- C:\Documents and Settings\fasdf\Application Data\4553_upload_log_2.txt
[2009/01/04 17:09:53 | 00,000,291 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2008/12/07 23:04:18 | 00,004,879 | ---- | C] () -- C:\Documents and Settings\fasdf\Application Data\2819_upload_log_0.txt
[2008/11/06 18:46:52 | 00,000,185 | ---- | C] () -- C:\Documents and Settings\fasdf\Application Data\2185_upload_log_1.txt
[2008/11/06 17:41:47 | 00,000,185 | ---- | C] () -- C:\Documents and Settings\fasdf\Application Data\2183_upload_log_1.txt
[2008/11/05 23:04:37 | 00,000,185 | ---- | C] () -- C:\Documents and Settings\fasdf\Application Data\2122_upload_log_1.txt
[2008/11/05 21:13:32 | 00,000,185 | ---- | C] () -- C:\Documents and Settings\fasdf\Application Data\2121_upload_log_2.txt
[2008/09/10 12:02:44 | 00,248,152 | ---- | C] () -- C:\Documents and Settings\fasdf\Application Data\1028_upload_log_0.txt
[2007/11/26 11:29:42 | 00,006,656 | ---- | C] () -- C:\Documents and Settings\fasdf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/13 19:31:31 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/08/05 17:34:41 | 00,134,247 | ---- | C] () -- C:\Documents and Settings\fasdf\Application Data\Cosmos Prefs
[2007/08/05 15:46:06 | 00,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/31 19:44:15 | 00,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/05/31 19:44:15 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/05/19 19:52:11 | 00,000,288 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2007/05/19 19:52:11 | 00,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2007/05/19 19:50:53 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2007/05/19 19:49:52 | 00,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/03/20 16:44:02 | 00,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI
[2007/02/12 20:34:49 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\tasrpten.dll
[2007/02/03 21:02:06 | 00,155,411 | ---- | C] () -- C:\WINDOWS\System32\drivers\dump_wmimmc.sys
[2007/01/16 10:22:35 | 00,000,487 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/16 09:58:59 | 00,000,228 | ---- | C] () -- C:\Documents and Settings\fasdf\Application Data\dm.ini
[2007/01/15 20:03:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2007/01/15 20:03:38 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2007/01/15 20:02:37 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/01/15 20:01:46 | 00,067,428 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2007/01/15 20:01:46 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/01/15 20:01:45 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2007/01/15 20:01:44 | 00,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2007/01/15 19:13:57 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2007/01/15 18:17:36 | 00,106,496 | R--- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL
[2007/01/15 12:46:11 | 00,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2002/03/04 09:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[1999/01/22 10:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Re: Win32/Nuqel.E virus
Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    PRC - [2010/01/17 00:10:35 | 00,429,056 | ---- | M] () -- C:\Documents and Settings\fasdf\Local Settings\Application Data\vtvnym\vxvgsysguard.exe
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O4 - HKLM..\Run: [svrxrrvy] C:\Documents and Settings\fasdf\Local Settings\Application Data\vtvnym\vxvgsysguard.exe ()
    O4 - HKCU..\Run: [svrxrrvy] C:\Documents and Settings\fasdf\Local Settings\Application Data\vtvnym\vxvgsysguard.exe ()
    [2010/01/17 00:10:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\fasdf\Local Settings\Application Data\vtvnym



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


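The two Run entries picked for the fix above share traits that are visible in the posted log: an empty company field, an image under the user's Local Settings\Application Data folder, and the same value registered in both HKLM and HKCU. The following added example is not part of the original thread and is not OTL's or the helper's own logic; the heuristics and the function names `parse_o4` and `triage` are assumptions. It applies those checks to O4 lines copied from the log.

```python
import re

# O4 autorun lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [svrxrrvy] C:\Documents and Settings\fasdf\Local Settings\Application Data\vtvnym\vxvgsysguard.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKCU..\Run: [COMODO livePCsupport] File not found
O4 - HKCU..\Run: [RCUI] C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe (RingCentral, Inc.)
O4 - HKCU..\Run: [svrxrrvy] C:\Documents and Settings\fasdf\Local Settings\Application Data\vtvnym\vxvgsysguard.exe ()
"""

O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\]\s*(?P<rest>.*)$")
# Trailing "(Company)" field; the path part may itself contain parentheses.
TAIL_RE = re.compile(r"^(?P<path>.*?)\s*\((?P<company>[^()]*)\)$")
# Per-user data directories an unprivileged process can write to (assumed heuristic).
PROFILE_RE = re.compile(
    r"\\(Documents and Settings\\[^\\]+\\(Local Settings|Application Data)"
    r"|Users\\[^\\]+\\AppData)\\", re.IGNORECASE)
MISSING = "File not found"


def parse_o4(line):
    """Parse one O4 Run line into a dict, or return None if it is not one."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"].strip()
    entry = {"hive": m["hive"], "name": m["name"], "path": None,
             "company": None, "missing": False, "raw": line.strip()}
    if rest.endswith(MISSING):
        entry["missing"] = True
        entry["path"] = rest[:-len(MISSING)].strip() or None
        return entry
    tail = TAIL_RE.match(rest)
    if tail:
        entry["path"], entry["company"] = tail["path"], tail["company"].strip()
    else:
        entry["path"] = rest
    return entry


def triage(log_text):
    """Return {raw_line: [reasons]} for autoruns matching two or more checks."""
    entries = [e for e in map(parse_o4, log_text.splitlines()) if e]
    hives = {}
    for e in entries:
        if e["path"]:
            hives.setdefault((e["name"], e["path"].lower()), set()).add(e["hive"])
    flagged = {}
    for e in entries:
        if e["missing"] or not e["path"]:
            continue  # orphaned value: clean-up candidate, nothing left to run
        reasons = []
        if e["company"] == "":
            reasons.append("no company name in version info")
        if PROFILE_RE.search(e["path"]):
            reasons.append("image in user-writable profile directory")
        if len(hives[(e["name"], e["path"].lower())]) > 1:
            reasons.append("same value in HKLM and HKCU")
        if len(reasons) >= 2:
            flagged[e["raw"]] = reasons
    return flagged


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for reason in reasons:
            print("    -", reason)
```

A match on these checks is a reason to inspect the file, not a verdict; legitimate per-user updaters also run from profile directories.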
Re: Win32/Nuqel.E virus
Hello again,
I tried your suggestion today. Below is the result of the RUN FIX.
What's next?


========== OTL ==========
Process vxvgsysguard.exe killed successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\svrxrrvy deleted successfully.
C:\Documents and Settings\fasdf\Local Settings\Application Data\vtvnym\vxvgsysguard.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\svrxrrvy deleted successfully.
File C:\Documents and Settings\fasdf\Local Settings\Application Data\vtvnym\vxvgsysguard.exe not found.
C:\Documents and Settings\fasdf\Local Settings\Application Data\vtvnym folder moved successfully.

OTL by OldTimer - Version 3.1.25.2 log created on 01202010_103554

Re: Win32/Nuqel.E virus
You're the Man! Your latest advice with RUNFIX option worked great. No more pop-ups and the virus is gone.
Great Thanks!!
