Win32/Nuqel.E and Bankerfox.A

Page 1 of 3 1, 2, 3  Next

View previous topic View next topic Go down

Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Sun 18 Jul 2010, 9:59 am

The two virusses have infected my desktop (Window XP) to the point where I can not execute and file ... the only thing I can do is start explorer and download my files....I can not run any spyware or removal programs... it really lets me run nothing... not even RUN regedt or cmd

marcusmax2001

Newbie Surfer
Newbie Surfer

Posts : 38
Joined : 2010-07-18
Operating System : xp

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on Sun 18 Jul 2010, 2:38 pm

Hi, welcome to GeekPolice.net!

Please download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3

  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  • Please post its log in your next reply.
  • After it has run successfully, delete RKill.

Note: This tool only kills the active infection, the actual infection will not be gone. Once you reboot the infection will be active again! Please do not reboot until instructed further to do so.

=======

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time


Note: in the event that OTL fails to run, please use alternate download links to try again:

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Sun 18 Jul 2010, 4:47 pm

I will try, but it does not allow me to execute any .exe files..... Have you heard of these virusses doing that?

marcusmax2001

Newbie Surfer
Newbie Surfer

Posts : 38
Joined : 2010-07-18
Operating System : xp

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on Sun 18 Jul 2010, 4:50 pm

Hi,

Yes, in fact, most rogue security programs do that.

Have you tried all the different file types?


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Mon 19 Jul 2010, 2:29 am

I appologize for being such a lehman, but what different file types are there and to do what with?

marcusmax2001

Newbie Surfer
Newbie Surfer

Posts : 38
Joined : 2010-07-18
Operating System : xp

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on Mon 19 Jul 2010, 3:41 am

Hi,

There are 3 different file types for each program which are .scr and .com, could you please download mirror 2 and 3 of Rkill and the links at the bottom of the OTL instructions, then try to run those.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Mon 19 Jul 2010, 3:58 am

Thanks, I will try them




marcusmax2001

Newbie Surfer
Newbie Surfer

Posts : 38
Joined : 2010-07-18
Operating System : xp

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Mon 19 Jul 2010, 7:18 pm

I have tried running 2 file types, the 3rd is an ACAD file and it doesn't show in my list after downloading it.
None of the files will run in regular mode, all are stopped by the virus. In Safemode I can run them but then a window pops open asking if I want to pick from a list of programs to use to run the file or search on the inet for the appropriate program to use...... I can't seem to get online in Safe Mode.

Any other suggestions?

marcusmax2001

Newbie Surfer
Newbie Surfer

Posts : 38
Joined : 2010-07-18
Operating System : xp

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on Tue 20 Jul 2010, 6:06 am

Hi,

Great, I have a perfect way of getting OTL to run, please download OTL.com and exeHelper and run exeHelper first and then OTL.com in safe mode.

Please download exeHelper from one of the two links.
Link 1
Link 2

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Tue 20 Jul 2010, 3:35 pm

I ran exeHelper.exe, that went well. saved the log.txt Then I ran otl.exe and the window that opened has so many options I do not know what to do with it... What next?

Thanks sofar :-)

marcusmax2001

Newbie Surfer
Newbie Surfer

Posts : 38
Joined : 2010-07-18
Operating System : xp

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on Wed 21 Jul 2010, 5:04 am

Hi,

Please just click on the 'Run Scan' button, then post the two logs that pop up here, you will need to split them into around 2 or 3 posts.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Wed 21 Jul 2010, 5:26 am

Here is the exehelperlog.txt

exeHelper by Raktor
Build 20100414
Run at 21:30:06 on 07/19/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 21:31:07 on 07/19/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

I will run the OTL Run Scan and post the log.

marcusmax2001

Newbie Surfer
Newbie Surfer

Posts : 38
Joined : 2010-07-18
Operating System : xp

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Wed 21 Jul 2010, 6:11 am

Here is the OTL log txt: Part 1


OTL logfile created on: 7/20/2010 11:35:18 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = H:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 766.00 Mb Available Physical Memory | 75.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 31.81 Gb Free Space | 42.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 95.78 Mb Total Space | 58.97 Mb Free Space | 61.57% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: D1N8R751
Current User Name: Marcel Huizing
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/18 21:00:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
PRC - [2010/04/15 13:39:52 | 001,861,448 | ---- | M] (VoiceFive Networks, Inc.) -- C:\Program Files\PremierOpinion\pmropn.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/07/18 21:00:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\mysql\bin\mysqld-nt.exe -- (MySql)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/04/30 16:02:52 | 000,159,744 | ---- | M] () [Auto | Stopped] -- C:\Program Files\WinTask\Bin\SchedSrv.exe -- (WTScheduler)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/09/15 10:01:39 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2004/06/29 16:14:38 | 000,193,760 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/04/23 11:04:18 | 000,158,848 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2004/01/27 19:06:54 | 000,218,232 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2003/12/04 18:22:30 | 000,193,816 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVSCAN.EXE -- (SAVScan)
SRV - [2003/11/10 13:30:12 | 000,234,656 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2003/11/10 13:30:10 | 000,087,200 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2003/11/10 13:30:04 | 000,255,136 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2003/06/24 16:23:10 | 000,066,784 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\script Blocking\SBServ.exe -- (SBService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\plturbo.sys -- (PLTurbo)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\plturbh.sys -- (PLTurbh)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nuidfltr.sys -- (NuidFltr)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/09/29 10:28:38 | 000,666,624 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MA111nd5.sys -- (WlanUIB)
DRV - [2004/09/29 10:28:38 | 000,666,624 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MA111nd5.sys -- (WLAN_USB)
DRV - [2004/09/29 10:28:36 | 000,016,292 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2004/09/01 01:00:00 | 000,617,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040901.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2004/09/01 01:00:00 | 000,068,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040901.016\NAVENG.SYS -- (NAVENG)
DRV - [2004/08/03 22:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/03 22:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 22:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/07/07 04:13:22 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/07/01 23:23:26 | 000,170,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS -- (SYMIDSCO)
DRV - [2004/06/29 16:13:52 | 000,263,968 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2004/06/29 16:13:46 | 000,016,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2004/06/29 16:13:42 | 000,046,528 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2004/06/29 16:13:40 | 000,166,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2004/06/29 16:13:40 | 000,051,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2004/06/29 16:13:34 | 000,011,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2004/03/14 23:04:00 | 000,100,597 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/03/14 23:04:00 | 000,098,580 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/03/14 23:04:00 | 000,085,972 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/03/14 23:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/03/14 23:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/03/14 23:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/03/14 23:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/03/14 23:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/03/14 23:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2004/02/27 00:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/02/13 01:21:00 | 000,086,160 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/01/14 17:18:16 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/01/14 17:18:04 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/12/04 18:22:30 | 000,308,416 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS -- (SAVRT)
DRV - [2003/12/04 18:22:30 | 000,037,056 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS -- (SAVRTPEL)
DRV - [2003/11/21 14:05:02 | 000,082,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2003/11/17 13:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 13:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 13:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/05/23 10:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/11/08 11:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sonypvs1.sys -- (sonypvs1)
DRV - [2002/10/13 21:40:24 | 000,069,680 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\tj2kunic.sys -- (tj2kunic) Terayon Cable Modem (WDM)
DRV - [2002/07/25 11:19:48 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Bulk504.sys -- (USBCamera)
DRV - [2002/06/18 14:55:56 | 000,516,149 | ---- | M] (Digital Camera.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CA504AV.SYS -- (Ca504av)
DRV - [2002/06/14 10:46:32 | 000,015,576 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbbc.sys -- (Wdm1)
DRV - [2002/05/31 13:01:00 | 000,012,338 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
DRV - [2001/08/17 12:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 11:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 11:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 11:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 11:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 11:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 11:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 11:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 11:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 11:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 11:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 10:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/01/24 09:20:10 | 000,024,160 | R--- | M] (Nogatech Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nuvaud2.sys -- (nuvaud2)
DRV - [2001/01/24 09:18:08 | 000,147,840 | R--- | M] (Nogatech Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nuvvid2.sys -- (nuvvid2)
DRV - [2000/04/27 17:29:02 | 000,447,245 | ---- | M] (Xirlink, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\C-itNT.sys -- (XIRLINK)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://orion.mesacc.edu/portal/"
FF - prefs.js..extensions.enabledItems: {6E19037A-12E3-4295-8915-ED48BC341614}:1.3.326.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - HKLM\software\mozilla\Firefox\Extensions\\Zango@Zango.com: C:\Program Files\Zango\bin\10.0.370.0\firefox\extensions
FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\PremierOpinion [2010/07/19 00:57:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/01 07:45:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/12 09:02:31 | 000,000,000 | ---D | M]

[2009/01/15 15:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcel Huizing\Application Data\Mozilla\Extensions
[2010/07/16 12:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcel Huizing\Application Data\Mozilla\Firefox\Profiles\7d43qube.default\extensions
[2010/06/03 08:47:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Marcel Huizing\Application Data\Mozilla\Firefox\Profiles\7d43qube.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/14 00:10:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/06/22 13:44:58 | 002,078,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2002/08/29 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (Zango) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll File not found
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (WTBho Class) - {348FE907-249E-4C65-A838-F34A193FE1D1} - C:\Program Files\WinTask\Bin\TaskBHO.dll ()
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - No CLSID value found.
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Zango) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll File not found
O3 - HKLM\..\Toolbar: (Web assistant) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Zango) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Web assistant) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [fpdodipa] C:\Documents and Settings\Marcel Huizing\Local Settings\Application Data\ivmiwvsjd\wwvqpootssd.exe ()
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [type32] C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [WTIndicator] C:\Program Files\WinTask\Bin\SchedInd.exe ()
O4 - HKLM..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.0.370.0\OEAddOn.exe File not found
O4 - HKLM..\Run: [ZangoSA] C:\Program Files\Zango\bin\10.0.370.0\ZangoSA.exe File not found
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Marcel Huizing\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\Run: [SmileboxTray] C:\Documents and Settings\Marcel Huizing\Application Data\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - HKCU..\Run: [Symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Sony Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE (Intuit)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2008/07/04 00:56:32 | 000,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2008/07/04 00:56:32 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2008/07/04 00:56:32 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2008/07/04 00:56:32 | 000,000,000 | ---D | M]
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)

marcusmax2001

Newbie Surfer
Newbie Surfer

Posts : 38
Joined : 2010-07-18
Operating System : xp

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Wed 21 Jul 2010, 6:13 am

OTL log txt: Part 2

O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} [You must be registered and logged in to see this link.] (DeviceEnum Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} [You must be registered and logged in to see this link.] (PtClickLoan Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\PremierOpinion: DllName - C:\Program Files\PremierOpinion\pmls.dll - C:\Program Files\PremierOpinion\pmls.dll (VoiceFive Networks, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Marcel Huizing\My Documents\Business\OvertakeRacing\Marcel\sreensaver\lean-2.BMP
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marcel Huizing\My Documents\Business\OvertakeRacing\Marcel\sreensaver\lean-2.BMP
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/14 15:40:06 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4fbf92b5-e263-11db-a629-000f1f4e4f76}\Shell\AutoRun\command - "" = D:\setupSNK.exe -- File not found
O33 - MountPoints2\{fa48b5a3-d120-11dc-a67b-000f1f4e4f76}\Shell - "" = AutoRun
O33 - MountPoints2\{fa48b5a3-d120-11dc-a67b-000f1f4e4f76}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fa48b5a3-d120-11dc-a67b-000f1f4e4f76}\Shell\AutoRun\command - "" = H:\dvdrun.exe -- File not found
O33 - MountPoints2\{fa48b5a3-d120-11dc-a67b-000f1f4e4f76}\Shell\launchMP\command - "" = H:\Setup_AR.exe -- File not found
O33 - MountPoints2\{fa48b5a3-d120-11dc-a67b-000f1f4e4f76}\Shell\readit\command - "" = C:\WINDOWS\System32\cmd.exe -- [2008/04/13 17:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/16 19:27:19 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/07/16 19:27:16 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/07/16 19:27:16 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/07/16 19:27:02 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/07/16 19:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/07/16 19:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/07/16 19:26:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcel Huizing\Application Data\PC Tools
[2010/07/16 19:26:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/07/16 19:24:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/16 10:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcel Huizing\Local Settings\Application Data\ivmiwvsjd
[2010/07/13 20:16:17 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/06 13:59:46 | 000,000,000 | ---D | C] -- C:\Course Technology
[2010/07/06 10:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcel Huizing\Local Settings\Application Data\PCHealth
[2010/06/29 09:30:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/06/29 09:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/06/29 09:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/06/29 09:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/06/29 09:19:46 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/06/23 03:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/06/21 10:23:59 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2010/06/21 10:20:32 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/06/21 10:20:32 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/06/21 09:41:56 | 000,032,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2010/06/21 09:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcel Huizing\Local Settings\Application Data\Microsoft Help
[2010/06/21 09:21:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/06/21 09:04:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcel Huizing\Application Data\Nero
[2010/06/19 10:47:19 | 000,666,624 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\MA111nd5.sys
[2006/09/19 13:41:35 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\imploDE.DLL
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/20 11:33:50 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/20 11:29:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/07/20 11:22:23 | 011,272,192 | -H-- | M] () -- C:\Documents and Settings\Marcel Huizing\NTUSER.DAT
[2010/07/20 11:22:20 | 000,832,656 | -H-- | M] () -- C:\Documents and Settings\Marcel Huizing\Local Settings\Application Data\IconCache.db
[2010/07/20 08:09:02 | 000,158,088 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/20 08:06:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/20 08:06:15 | 000,540,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/20 08:04:44 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Marcel Huizing\NTUSER.INI
[2010/07/19 01:05:45 | 000,001,170 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/07/19 00:55:43 | 000,001,230 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/07/18 18:47:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2260793998-1752009068-3399909089-1007UA.job
[2010/07/18 17:30:21 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/17 16:47:01 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2260793998-1752009068-3399909089-1007Core.job
[2010/07/16 19:27:11 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/07/14 09:35:11 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2010/07/14 09:16:35 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Desktop\Word 2007.lnk
[2010/07/14 01:00:49 | 000,001,373 | ---- | M] () -- C:\WINDOWS\Ulead32.ini
[2010/07/13 15:59:00 | 000,000,249 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Desktop\GoDaddy.url
[2010/07/12 09:40:58 | 000,050,778 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Desktop\done.url
[2010/07/11 10:18:16 | 000,000,249 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Desktop\Cox Cable Guide.url
[2010/07/09 14:10:22 | 000,000,232 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Desktop\Radio.url
[2010/07/09 13:40:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/06 16:23:30 | 000,000,905 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/07/06 16:22:42 | 000,001,730 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/07/05 15:54:30 | 000,000,403 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Desktop\FaceBook.url
[2010/07/03 23:48:03 | 000,003,256 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\My Documents\Default.sfvidcap
[2010/07/03 23:47:38 | 000,012,848 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\My Documents\(Unknown) - Still 001.jpg
[2010/07/03 23:45:03 | 020,834,816 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\My Documents\(Unknown) - Clip 001.avi
[2010/07/03 10:22:56 | 000,031,481 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\My Documents\swimming-pool-diagram.jpg
[2010/07/03 10:22:56 | 000,029,560 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\My Documents\swimming-pool-skimmer.jpg
[2010/07/03 10:21:20 | 000,019,907 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\My Documents\Plumbing_Basic_631.jpg
[2010/07/01 13:45:29 | 000,000,284 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Application Data\ViewerApp.dat
[2010/06/30 10:48:00 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/06/26 22:40:41 | 000,307,311 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\My Documents\6022_operation_guide[1].pdf
[2010/06/21 11:55:19 | 000,384,596 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/06/21 11:55:19 | 000,054,280 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/06/21 11:55:18 | 000,442,244 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/16 19:27:20 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/07/16 19:27:16 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/07/16 19:27:16 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/07/16 19:27:11 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/07/16 19:27:02 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/07/14 09:15:09 | 000,002,515 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\Desktop\Word 2007.lnk
[2010/07/06 16:24:56 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2010/07/06 16:22:42 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/07/03 23:47:37 | 000,012,848 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\My Documents\(Unknown) - Still 001.jpg
[2010/07/03 23:44:53 | 020,834,816 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\My Documents\(Unknown) - Clip 001.avi
[2010/07/03 10:23:29 | 000,029,560 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\My Documents\swimming-pool-skimmer.jpg
[2010/07/03 10:23:19 | 000,031,481 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\My Documents\swimming-pool-diagram.jpg
[2010/07/03 10:21:49 | 000,019,907 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\My Documents\Plumbing_Basic_631.jpg
[2010/06/29 09:42:46 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/06/26 22:40:38 | 000,307,311 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\My Documents\6022_operation_guide[1].pdf
[2010/06/26 22:32:05 | 000,000,249 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\Desktop\Cox Cable Guide.url
[2010/04/05 15:24:51 | 000,000,092 | ---- | C] () -- C:\WINDOWS\NogaTw.INI
[2010/01/16 21:43:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2009/03/20 09:03:44 | 000,000,849 | ---- | C] () -- C:\WINDOWS\capture.INI
[2009/01/21 14:05:50 | 000,000,171 | ---- | C] () -- C:\WINDOWS\AutoScreenRecorder.INI
[2009/01/17 22:04:25 | 000,000,389 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
[2008/06/18 02:20:16 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2008/06/18 02:20:14 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/06/14 09:20:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\route.ini
[2008/02/03 09:19:38 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/02/03 09:19:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/02/03 09:19:38 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/02/03 09:19:37 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/12/05 10:03:33 | 000,001,583 | ---- | C] () -- C:\WINDOWS\VBOSS.INI
[2007/12/05 10:03:12 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\ssce.INI
[2007/12/05 10:03:04 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\UnzipCtrl.dll
[2007/12/05 10:03:04 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\ZipCtrl.dll
[2007/12/05 09:41:21 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\SP32W.DLL
[2007/11/07 11:10:14 | 000,000,314 | ---- | C] () -- C:\WINDOWS\SMSI.INI
[2007/11/07 11:09:40 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\FAXMON.DLL
[2007/03/01 09:29:25 | 000,000,037 | ---- | C] () -- C:\WINDOWS\SWFConverter.INI
[2007/03/01 09:29:03 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/03/01 09:29:03 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/11/21 10:48:40 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/10/07 08:39:01 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\PdfPorts.dll
[2006/10/03 09:04:23 | 000,000,193 | ---- | C] () -- C:\WINDOWS\VMan.INI
[2006/04/24 19:36:49 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/01/13 10:50:52 | 000,000,058 | ---- | C] () -- C:\WINDOWS\mchguid.ini
[2006/01/11 23:04:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PNTINFO.INI
[2005/09/05 03:08:32 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2005/04/14 15:18:13 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/03/11 16:09:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2005/01/26 17:09:41 | 000,000,049 | ---- | C] () -- C:\WINDOWS\atg.ini
[2005/01/23 03:18:25 | 000,000,039 | ---- | C] () -- C:\WINDOWS\VideoWave.INI
[2004/11/08 22:26:48 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004/11/08 22:26:47 | 000,001,078 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/09/18 12:51:52 | 000,002,144 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/09/02 09:52:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
[2004/09/02 09:52:33 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\ZFExt.dll
[2004/08/29 13:58:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2004/08/29 13:42:07 | 000,000,156 | ---- | C] () -- C:\WINDOWS\Kpcms.ini
[2004/08/17 16:56:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IPSK.dll
[2004/08/17 16:56:47 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jpg32.dll
[2004/08/17 16:56:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VWJPG.dll
[2004/08/17 16:56:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VMIO.dll
[2004/08/17 16:56:47 | 000,014,381 | ---- | C] () -- C:\WINDOWS\Tw504a.ini
[2004/08/17 16:56:47 | 000,001,906 | ---- | C] () -- C:\WINDOWS\CA504A.INI
[2004/08/17 16:56:47 | 000,000,473 | ---- | C] () -- C:\WINDOWS\System32\I-dext504.ini
[2004/08/17 16:56:47 | 000,000,467 | ---- | C] () -- C:\WINDOWS\System32\S-dext504.ini
[2004/08/17 16:56:47 | 000,000,464 | ---- | C] () -- C:\WINDOWS\System32\F-dext504.ini
[2004/08/17 16:56:47 | 000,000,458 | ---- | C] () -- C:\WINDOWS\System32\P-dext504.ini
[2004/08/17 16:56:47 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\G-dext504.ini
[2004/08/17 16:56:47 | 000,000,454 | ---- | C] () -- C:\WINDOWS\System32\H-dext504.ini
[2004/08/17 16:56:47 | 000,000,453 | ---- | C] () -- C:\WINDOWS\System32\E-dext504.ini
[2004/08/17 16:56:47 | 000,000,164 | ---- | C] () -- C:\WINDOWS\Setup504.ini
[2004/08/17 16:56:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VWBMP.dll
[2004/08/15 23:19:40 | 000,000,244 | ---- | C] () -- C:\WINDOWS\MPPAGER.INI
[2004/08/14 17:49:14 | 000,015,576 | R--- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
[2004/08/09 11:20:53 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
[2004/08/09 11:20:30 | 000,042,172 | ---- | C] () -- C:\WINDOWS\php.ini
[2004/08/07 15:55:37 | 000,000,478 | ---- | C] () -- C:\WINDOWS\my.ini
[2004/07/31 11:08:59 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2004/07/31 11:04:01 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\sbaparam.dll
[2004/07/31 11:04:01 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\sbautils.dll
[2004/07/31 11:04:00 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\EmbeddedDX.dll
[2004/07/31 11:03:59 | 000,010,875 | ---- | C] () -- C:\WINDOWS\ESOA.INI
[2004/07/31 11:03:59 | 000,003,679 | ---- | C] () -- C:\WINDOWS\GrAddrBk.ini
[2004/07/31 11:03:59 | 000,001,433 | ---- | C] () -- C:\WINDOWS\WINPOINT.INI
[2004/07/31 11:03:59 | 000,000,995 | ---- | C] () -- C:\WINDOWS\GRACE.INI
[2004/07/31 11:03:59 | 000,000,255 | ---- | C] () -- C:\WINDOWS\GrAdr16.ini
[2004/07/31 11:03:59 | 000,000,053 | ---- | C] () -- C:\WINDOWS\PRSRVDLL.INI
[2004/07/27 16:26:50 | 000,000,062 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2004/07/20 21:45:55 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/07/20 11:48:04 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/07/17 21:19:14 | 000,000,829 | ---- | C] () -- C:\WINDOWS\SMVIEW.INI
[2004/07/17 18:14:13 | 000,000,512 | ---- | C] () -- C:\WINDOWS\photoprn.ini
[2004/07/17 18:13:32 | 000,000,021 | ---- | C] () -- C:\WINDOWS\xl_setup.ini
[2004/07/17 09:37:40 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2004/07/17 08:53:09 | 000,001,373 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2004/07/16 21:17:18 | 000,000,905 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/07/07 04:25:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/07/07 04:12:24 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/07/07 04:08:43 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/07/07 03:54:25 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/07 03:54:10 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/07/07 03:40:10 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/03/26 14:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/02/27 10:32:56 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\DSWndinet.dll
[2003/09/08 15:07:36 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hhsaid.dll
[1999/10/13 15:59:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\gns2kzip.dll
[1999/07/29 01:27:10 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 01:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1997/02/27 12:13:12 | 000,000,586 | ---- | C] () -- C:\WINDOWS\3DFAX.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

marcusmax2001

Newbie Surfer
Newbie Surfer

Posts : 38
Joined : 2010-07-18
Operating System : xp

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on Wed 21 Jul 2010, 7:20 am

Hi,

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Wed 21 Jul 2010, 9:25 am

OK... here is what I did: I am working with 2 computers since I can not work with the infected one:

* Downloaded Combofix.exe to my memstick
* Renamed it to commy.exe
* Copied commy.exe to Desktop of infected computer
* Ran Safe Mode and executed "%userprofile%\desktop\commy.exe" /stepdel
* When I got to the request to install MS window recovery console it tried to get online but could not because of Safe Mode
* Tried running commy.exe in regular mode, but came up as infected again...

Anymore suggestion or did I do something wrong?

marcusmax2001

Newbie Surfer
Newbie Surfer

Posts : 38
Joined : 2010-07-18
Operating System : xp

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on Wed 21 Jul 2010, 10:01 am

Hi,

Please go into Safe Mode with Networking, and try.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Wed 21 Jul 2010, 11:19 am

It stopped and popped up a windo said. "Detected a rootkit.... and needs to reboot"


marcusmax2001

Newbie Surfer
Newbie Surfer

Posts : 38
Joined : 2010-07-18
Operating System : xp

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Wed 21 Jul 2010, 11:21 am

restarted and safe mode is asking for

Microsoft Windows Recovery Console
or
Microsoft Windows XP Home Edition

Which should I click?

marcusmax2001

Newbie Surfer
Newbie Surfer

Posts : 38
Joined : 2010-07-18
Operating System : xp

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on Wed 21 Jul 2010, 1:18 pm

Hi,

Please choose: Microsoft Windows XP Home Edition


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Wed 21 Jul 2010, 5:59 pm

OK, now it asks F1 to continue or F2 for setup utility

marcusmax2001

Newbie Surfer
Newbie Surfer

Posts : 38
Joined : 2010-07-18
Operating System : xp

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on Wed 21 Jul 2010, 11:53 pm

Hi,

Please do F1, but be sure it isn't asking for a reformat.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Thu 22 Jul 2010, 2:28 am

It's rebooting.... should I still be in Safe Mode?

marcusmax2001

Newbie Surfer
Newbie Surfer

Posts : 38
Joined : 2010-07-18
Operating System : xp

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on Thu 22 Jul 2010, 4:39 am

Hi,

It can be in either Safe mode or Normal mode.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Thu 22 Jul 2010, 1:18 pm

ComboFix 10-07-20.01 - Marcel Huizing 07/21/2010 12:32:05.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.672 [GMT -7:00]
Running from: c:\documents and settings\Marcel Huizing\desktop\commy.exe
Command switches used :: /stepdel
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\documents and settings\All Users\Application Data\ZangoSA
c:\documents and settings\Marcel Huizing\Application Data\Zango
c:\documents and settings\Marcel Huizing\Local Settings\Application Data\ivmiwvsjd
c:\documents and settings\Marcel Huizing\Local Settings\Application Data\ivmiwvsjd\wwvqpootssd.exe
c:\documents and settings\Marcel Huizing\System
c:\program files\A360
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\zango
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSA.dat
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSA_kyf.dat
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSAau.dat
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\030104_emte10_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\030104_emte11_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\030104_emte12_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\030104_emte13_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\030104_emte14_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\030104_emte19_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\030104_emte20_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\030104_emte21_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\030104_emte9_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\030203lib_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102angel_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102bigluf_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102bigsmile_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102birthday_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102cheers_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102flo_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102good_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102jump_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102king_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102lough_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102luf_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102smile_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102smiled_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102sor_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102thanx_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102uhu_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\040103ahh_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\040103wow_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\040104_emi2_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\042102_1134_112_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\050103big_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\050103gig_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\050103hm_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\050103nomail_emoti_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\050103norm_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\060104_ema15_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\060104_ema16_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\060104_ema17_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\060104_ema18_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\060104_ema19_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\060104_ema20_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\060104_ema21_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\060104_ema24_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\060104_ema25_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\060104_ema26_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\060104_ema30_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\060104_ema33_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\060104_ema34_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\062802hippi_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\062802jumpie_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\080402argh_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\080402oops_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\080402ouch_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\082502no_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\082502yes_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\110103_boring1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\110103_confused_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\110103_crying_ugly_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\110103_fantastic_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\110103_feel_better_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\110103_gimme_break_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\110103_heehee_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\110103_hlopaet_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\110103_ign_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\110103_lol_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\110103_no_comment_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\110103_peace_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\110103_smashing_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\110103_talk2thehand_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\block_sm.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\block_sm2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\block_smli.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\block_smli2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\blocked.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\blocked2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\btn_add-but.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\btn_back-but.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\btn_left_cut_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\btn_left_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\btn_left_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\btn_middle_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\btn_middle_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\btn_right_cut_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\btn_right_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\btn_right_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\business_promo.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\buttondir.txt
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\components.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\css_cattree.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\css_flashpreview.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\css2_main.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\css2_pagingmodule.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\css2_topbuttons.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\cursors.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\delete.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\edit_clear_sound.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\edit_fs.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\edit_select.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-511724-543450.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-511724-548964.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-511724-589306.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-511724-591943.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-511724-592579.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-511724-598579.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-511724-603763.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-511724-9595.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-511724-9696.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-511745-514279.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-backgrounds.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-bcards.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-ecards.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-emoticons.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-estationery.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-funny.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-help.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-images.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-info.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-more.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-my.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-new.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-new2.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-options.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-people.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-photo.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-tell.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-temp.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-text.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-voice.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-premium-email-premium.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-t1-bg.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-temp-bg.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\estatationery.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\flashpatch.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\flashpreview.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\fs3.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\hotbar_promo.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\icon_checked_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\icon_close_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\icon_close_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\icon_edit_preview.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\icon_edit_send.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\icon_flash_preview.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\icon_recently_used.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\icon_remove_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\icon_remove_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\icon_sand-clock2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\icon_tell_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\icon_tell_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\icon_tree_null.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\icon_unchecked_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\icon_unchecked_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\img_barlayout.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\img_barlayout2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\img_barlayout4.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\img_corner_left.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\img_local_logo.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\js2_basetemplate.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\js2_hbgroups.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\js2_hbobject3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\js2_hbobjectset3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\js2_hotbarwrapper.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\js2_iteratorsandreaders3nf.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\js2_pagingmoduleobj3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\js2_texts3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\js2_xmltree3nf.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\layout.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\linkpathlegal.txt
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\n.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\nav_b_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\nav_bb_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\nav_f_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\nav_ff_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\progress.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\sales_buttons.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\searchbtn.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\submit.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\tab_bg.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\tab_bga.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\tab_bgia.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\tab_l.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\tab_la.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\tab_lia.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\tab_r.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\tab_ra.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\tab_ria.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\tree_dots.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\tree_minus.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\tree_plus.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\treedata_animations.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\treedata_backgrounds.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\treedata_ecards.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\treedata_emoticons.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\treedata_notifiers.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\treedata_text.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\zango_btn.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\030104_emte10_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\030104_emte11_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\030104_emte12_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\030104_emte13_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\030104_emte14_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\030104_emte19_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\030104_emte20_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\030104_emte21_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\030104_emte9_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\030203lib_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102angel_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102bigluf_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102bigsmile_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102birthday_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102cheers_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102flo_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102good_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102jump_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102king_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102lough_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102luf_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102smile_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102smiled_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102sor_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102thanx_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102uhu_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\040103ahh_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\040103wow_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\040104_emi2_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\042102_1134_112_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\050103big_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\050103gig_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\050103hm_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\050103nomail_emoti_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\050103norm_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\060104_ema15_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\060104_ema16_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\060104_ema17_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\060104_ema18_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\060104_ema19_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\060104_ema20_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\060104_ema21_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\060104_ema24_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\060104_ema25_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\060104_ema26_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\060104_ema30_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\060104_ema33_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\060104_ema34_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\062802hippi_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\062802jumpie_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\080402argh_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\080402oops_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\080402ouch_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\082502no_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\082502yes_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\110103_boring1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\110103_confused_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\110103_crying_ugly_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\110103_fantastic_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\110103_feel_better_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\110103_gimme_break_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\110103_heehee_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\110103_hlopaet_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\110103_ign_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\110103_lol_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\110103_no_comment_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\110103_peace_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\110103_smashing_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\110103_talk2thehand_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\block_sm.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\block_sm2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\block_smli.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\block_smli2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\blocked.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\blocked2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\btn_add-but.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\btn_back-but.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\btn_left_cut_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\btn_left_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\btn_left_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\btn_middle_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\btn_middle_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\btn_right_cut_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\btn_right_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\btn_right_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\business_promo.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\buttondir.txt
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\components.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\css_cattree.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\css_flashpreview.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\css2_main.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\css2_pagingmodule.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\css2_topbuttons.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\cursors.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\delete.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\edit_clear_sound.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\edit_fs.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\edit_select.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-511724-543450.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-511724-548964.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-511724-589306.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-511724-591943.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-511724-592579.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-511724-598579.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-511724-603763.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-511724-9595.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-511724-9696.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-511745-514279.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-backgrounds.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-bcards.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-ecards.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-emoticons.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-estationery.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-funny.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-help.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-images.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-info.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-more.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-my.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-new.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-new2.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-options.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-people.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-photo.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-tell.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-temp.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-text.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-voice.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-premium-email-premium.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-t1-bg.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-temp-bg.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\estatationery.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\flashpatch.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\flashpreview.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\fs3.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\hotbar_promo.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\icon_checked_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\icon_close_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\icon_close_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\icon_edit_preview.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\icon_edit_send.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\icon_flash_preview.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\icon_recently_used.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\icon_remove_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\icon_remove_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\icon_sand-clock2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\icon_tell_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\icon_tell_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\icon_tree_null.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\icon_unchecked_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\icon_unchecked_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\img_barlayout.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\img_barlayout2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\img_barlayout4.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\img_corner_left.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\img_local_logo.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\js2_basetemplate.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\js2_hbgroups.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\js2_hbobject3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\js2_hbobjectset3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\js2_hotbarwrapper.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\js2_iteratorsandreaders3nf.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\js2_pagingmoduleobj3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\js2_texts3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\js2_xmltree3nf.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\layout.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\linkpathlegal.txt
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\n.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\nav_b_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\nav_bb_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\nav_f_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\nav_ff_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\progress.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\sales_buttons.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\searchbtn.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\submit.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\tab_bg.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\tab_bga.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\tab_bgia.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\tab_l.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\tab_la.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\tab_lia.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\tab_r.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\tab_ra.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\tab_ria.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\tree_dots.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\tree_minus.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\tree_plus.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\treedata_animations.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\treedata_backgrounds.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\treedata_ecards.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\treedata_emoticons.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\treedata_notifiers.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\treedata_text.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\zango_btn.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\business_promo.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\buttondir.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\code.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\cursors.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\email-def.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\email-t1-bg.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\email-temp-bg.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\hotbar_promo.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\images.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\layout.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\linkpathlegal.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\localcontent.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\progress.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\sales_buttons.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\treexml.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\zango_btn.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\030104_emte10_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\030104_emte11_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\030104_emte12_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\030104_emte13_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\030104_emte14_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\030104_emte19_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\030104_emte20_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\030104_emte21_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\030104_emte9_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\030203lib_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102angel_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102bigluf_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102bigsmile_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102birthday_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102cheers_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102flo_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102good_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102jump_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102king_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102lough_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102luf_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102smile_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102smiled_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102sor_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102thanx_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102uhu_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\040103ahh_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\040103wow_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\040104_emi2_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\042102_1134_112_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\050103big_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\050103gig_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\050103hm_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\050103nomail_emoti_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\050103norm_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\060104_ema15_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\060104_ema16_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\060104_ema17_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\060104_ema18_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\060104_ema19_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\060104_ema20_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\060104_ema21_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\060104_ema24_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\060104_ema25_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\060104_ema26_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\060104_ema30_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\060104_ema33_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\060104_ema34_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\062802hippi_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\062802jumpie_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\080402argh_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\080402oops_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\080402ouch_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\082502no_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\082502yes_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\110103_boring1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\110103_confused_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\110103_crying_ugly_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\110103_fantastic_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\110103_feel_better_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\110103_gimme_break_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\110103_heehee_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\110103_hlopaet_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\110103_ign_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\110103_lol_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\110103_no_comment_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\110103_peace_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\110103_smashing_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\110103_talk2thehand_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\block_sm.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\block_sm2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\block_smli.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\block_smli2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\blocked.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\blocked2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\btn_add-but.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\btn_back-but.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\btn_left_cut_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\btn_left_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\btn_left_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\btn_middle_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\btn_middle_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\btn_right_cut_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\btn_right_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\btn_right_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\business_promo.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\buttondir.txt
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\components.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\css_cattree.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\css_flashpreview.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\css2_main.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\css2_pagingmodule.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\css2_topbuttons.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\cursors.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\delete.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\edit_clear_sound.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\edit_fs.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\edit_select.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-543450.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-548964.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-589306.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-591943.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-592579.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-598579.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-603763.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-9595.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-9696.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-511745-514279.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-backgrounds.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-bcards.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-ecards.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-emoticons.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-estationery.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-funny.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-help.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-images.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-info.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-more.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-my.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-new.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-new2.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-options.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-people.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-photo.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-tell.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-temp.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-text.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-voice.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-premium-email-premium.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-t1-bg.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-temp-bg.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\estatationery.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\flashpatch.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\flashpreview.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\fs3.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\hotbar_promo.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\icon_checked_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\icon_close_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\icon_close_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\icon_edit_preview.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\icon_edit_send.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\icon_flash_preview.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\icon_recently_used.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\icon_remove_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\icon_remove_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\icon_sand-clock2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\icon_tell_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\icon_tell_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\icon_tree_null.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\icon_unchecked_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\icon_unchecked_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\img_barlayout.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\img_barlayout2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\img_barlayout4.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\img_corner_left.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\img_local_logo.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\js2_basetemplate.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\js2_hbgroups.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\js2_hbobject3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\js2_hbobjectset3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\js2_hotbarwrapper.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\js2_iteratorsandreaders3nf.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\js2_pagingmoduleobj3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\js2_texts3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\js2_xmltree3nf.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\layout.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\linkpathlegal.txt

marcusmax2001

Newbie Surfer
Newbie Surfer

Posts : 38
Joined : 2010-07-18
Operating System : xp

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sponsored content Today at 11:21 pm


Sponsored content


Back to top Go down

Page 1 of 3 1, 2, 3  Next

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum