Win32/Nuqel.E and Bankerfox.A

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on 17th July 2010, 10:59 pm

The two virusses have infected my desktop (Window XP) to the point where I can not execute and file ... the only thing I can do is start explorer and download my files....I can not run any spyware or removal programs... it really lets me run nothing... not even RUN regedt or cmd

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23914
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on 18th July 2010, 3:38 am

Hi, welcome to GeekPolice.net! Smile

Please download and run RKill.

[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.]

  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  • Please post its log in your next reply.
  • After it has run successfully, delete RKill.

Note: This tool only kills the active infection, the actual infection will not be gone. Once you reboot the infection will be active again! Please do not reboot until instructed further to do so.

=======

Please download [You must be registered and logged in to see this link.] to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time


Note: in the event that OTL fails to run, please use alternate download links to try again:

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56124
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on 18th July 2010, 5:47 am

I will try, but it does not allow me to execute any .exe files..... Have you heard of these virusses doing that?

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23914
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on 18th July 2010, 5:50 am

Hi, Smile

Yes, in fact, most rogue security programs do that.

Have you tried all the different file types?


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56124
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on 18th July 2010, 3:29 pm

I appologize for being such a lehman, but what different file types are there and to do what with?

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23914
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on 18th July 2010, 4:41 pm

Hi, Smile

There are 3 different file types for each program which are .scr and .com, could you please download mirror 2 and 3 of Rkill and the links at the bottom of the OTL instructions, then try to run those. Right On!


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56124
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on 18th July 2010, 4:58 pm

Thanks, I will try them




marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23914
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on 19th July 2010, 8:18 am

I have tried running 2 file types, the 3rd is an ACAD file and it doesn't show in my list after downloading it.
None of the files will run in regular mode, all are stopped by the virus. In Safemode I can run them but then a window pops open asking if I want to pick from a list of programs to use to run the file or search on the inet for the appropriate program to use...... I can't seem to get online in Safe Mode.

Any other suggestions?

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23914
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on 19th July 2010, 7:06 pm

Hi, Smile

Great, I have a perfect way of getting OTL to run, please download OTL.com and exeHelper and run exeHelper first and then OTL.com in safe mode.

Please download exeHelper from one of the two links.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56124
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on 20th July 2010, 4:35 am

I ran exeHelper.exe, that went well. saved the log.txt Then I ran otl.exe and the window that opened has so many options I do not know what to do with it... What next?

Thanks sofar :-)

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23914
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on 20th July 2010, 6:04 pm

Hi, Smile

Please just click on the 'Run Scan' button, then post the two logs that pop up here, you will need to split them into around 2 or 3 posts. Smile


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56124
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on 20th July 2010, 6:26 pm

Here is the exehelperlog.txt

exeHelper by Raktor
Build 20100414
Run at 21:30:06 on 07/19/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 21:31:07 on 07/19/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

I will run the OTL Run Scan and post the log.

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23914
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on 20th July 2010, 7:11 pm

Here is the OTL log txt: Part 1


OTL logfile created on: 7/20/2010 11:35:18 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = H:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 766.00 Mb Available Physical Memory | 75.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 31.81 Gb Free Space | 42.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 95.78 Mb Total Space | 58.97 Mb Free Space | 61.57% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: D1N8R751
Current User Name: Marcel Huizing
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/18 21:00:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
PRC - [2010/04/15 13:39:52 | 001,861,448 | ---- | M] (VoiceFive Networks, Inc.) -- C:\Program Files\PremierOpinion\pmropn.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/07/18 21:00:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\mysql\bin\mysqld-nt.exe -- (MySql)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/04/30 16:02:52 | 000,159,744 | ---- | M] () [Auto | Stopped] -- C:\Program Files\WinTask\Bin\SchedSrv.exe -- (WTScheduler)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/09/15 10:01:39 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2004/06/29 16:14:38 | 000,193,760 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/04/23 11:04:18 | 000,158,848 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2004/01/27 19:06:54 | 000,218,232 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2003/12/04 18:22:30 | 000,193,816 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVSCAN.EXE -- (SAVScan)
SRV - [2003/11/10 13:30:12 | 000,234,656 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2003/11/10 13:30:10 | 000,087,200 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2003/11/10 13:30:04 | 000,255,136 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2003/06/24 16:23:10 | 000,066,784 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\script Blocking\SBServ.exe -- (SBService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\plturbo.sys -- (PLTurbo)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\plturbh.sys -- (PLTurbh)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nuidfltr.sys -- (NuidFltr)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/09/29 10:28:38 | 000,666,624 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MA111nd5.sys -- (WlanUIB)
DRV - [2004/09/29 10:28:38 | 000,666,624 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MA111nd5.sys -- (WLAN_USB)
DRV - [2004/09/29 10:28:36 | 000,016,292 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2004/09/01 01:00:00 | 000,617,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040901.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2004/09/01 01:00:00 | 000,068,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040901.016\NAVENG.SYS -- (NAVENG)
DRV - [2004/08/03 22:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/03 22:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 22:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/07/07 04:13:22 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/07/01 23:23:26 | 000,170,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS -- (SYMIDSCO)
DRV - [2004/06/29 16:13:52 | 000,263,968 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2004/06/29 16:13:46 | 000,016,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2004/06/29 16:13:42 | 000,046,528 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2004/06/29 16:13:40 | 000,166,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2004/06/29 16:13:40 | 000,051,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2004/06/29 16:13:34 | 000,011,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2004/03/14 23:04:00 | 000,100,597 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/03/14 23:04:00 | 000,098,580 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/03/14 23:04:00 | 000,085,972 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/03/14 23:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/03/14 23:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/03/14 23:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/03/14 23:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/03/14 23:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/03/14 23:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2004/02/27 00:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/02/13 01:21:00 | 000,086,160 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/01/14 17:18:16 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/01/14 17:18:04 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/12/04 18:22:30 | 000,308,416 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS -- (SAVRT)
DRV - [2003/12/04 18:22:30 | 000,037,056 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS -- (SAVRTPEL)
DRV - [2003/11/21 14:05:02 | 000,082,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2003/11/17 13:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 13:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 13:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/05/23 10:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/11/08 11:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sonypvs1.sys -- (sonypvs1)
DRV - [2002/10/13 21:40:24 | 000,069,680 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\tj2kunic.sys -- (tj2kunic) Terayon Cable Modem (WDM)
DRV - [2002/07/25 11:19:48 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Bulk504.sys -- (USBCamera)
DRV - [2002/06/18 14:55:56 | 000,516,149 | ---- | M] (Digital Camera.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CA504AV.SYS -- (Ca504av)
DRV - [2002/06/14 10:46:32 | 000,015,576 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbbc.sys -- (Wdm1)
DRV - [2002/05/31 13:01:00 | 000,012,338 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
DRV - [2001/08/17 12:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 11:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 11:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 11:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 11:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 11:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 11:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 11:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 11:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 11:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 11:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 10:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/01/24 09:20:10 | 000,024,160 | R--- | M] (Nogatech Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nuvaud2.sys -- (nuvaud2)
DRV - [2001/01/24 09:18:08 | 000,147,840 | R--- | M] (Nogatech Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nuvvid2.sys -- (nuvvid2)
DRV - [2000/04/27 17:29:02 | 000,447,245 | ---- | M] (Xirlink, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\C-itNT.sys -- (XIRLINK)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://orion.mesacc.edu/portal/"
FF - prefs.js..extensions.enabledItems: {6E19037A-12E3-4295-8915-ED48BC341614}:1.3.326.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - HKLM\software\mozilla\Firefox\Extensions\\Zango@Zango.com: C:\Program Files\Zango\bin\10.0.370.0\firefox\extensions
FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\PremierOpinion [2010/07/19 00:57:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/01 07:45:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/12 09:02:31 | 000,000,000 | ---D | M]

[2009/01/15 15:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcel Huizing\Application Data\Mozilla\Extensions
[2010/07/16 12:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcel Huizing\Application Data\Mozilla\Firefox\Profiles\7d43qube.default\extensions
[2010/06/03 08:47:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Marcel Huizing\Application Data\Mozilla\Firefox\Profiles\7d43qube.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/14 00:10:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/06/22 13:44:58 | 002,078,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2002/08/29 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (Zango) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll File not found
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (WTBho Class) - {348FE907-249E-4C65-A838-F34A193FE1D1} - C:\Program Files\WinTask\Bin\TaskBHO.dll ()
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - No CLSID value found.
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Zango) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll File not found
O3 - HKLM\..\Toolbar: (Web assistant) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Zango) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Web assistant) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [fpdodipa] C:\Documents and Settings\Marcel Huizing\Local Settings\Application Data\ivmiwvsjd\wwvqpootssd.exe ()
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [type32] C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [WTIndicator] C:\Program Files\WinTask\Bin\SchedInd.exe ()
O4 - HKLM..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.0.370.0\OEAddOn.exe File not found
O4 - HKLM..\Run: [ZangoSA] C:\Program Files\Zango\bin\10.0.370.0\ZangoSA.exe File not found
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Marcel Huizing\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\Run: [SmileboxTray] C:\Documents and Settings\Marcel Huizing\Application Data\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - HKCU..\Run: [Symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Sony Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE (Intuit)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2008/07/04 00:56:32 | 000,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2008/07/04 00:56:32 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2008/07/04 00:56:32 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2008/07/04 00:56:32 | 000,000,000 | ---D | M]
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23914
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on 20th July 2010, 7:13 pm

OTL log txt: Part 2

O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} [You must be registered and logged in to see this link.] (DeviceEnum Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} [You must be registered and logged in to see this link.] (PtClickLoan Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\PremierOpinion: DllName - C:\Program Files\PremierOpinion\pmls.dll - C:\Program Files\PremierOpinion\pmls.dll (VoiceFive Networks, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Marcel Huizing\My Documents\Business\OvertakeRacing\Marcel\sreensaver\lean-2.BMP
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marcel Huizing\My Documents\Business\OvertakeRacing\Marcel\sreensaver\lean-2.BMP
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/14 15:40:06 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4fbf92b5-e263-11db-a629-000f1f4e4f76}\Shell\AutoRun\command - "" = D:\setupSNK.exe -- File not found
O33 - MountPoints2\{fa48b5a3-d120-11dc-a67b-000f1f4e4f76}\Shell - "" = AutoRun
O33 - MountPoints2\{fa48b5a3-d120-11dc-a67b-000f1f4e4f76}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fa48b5a3-d120-11dc-a67b-000f1f4e4f76}\Shell\AutoRun\command - "" = H:\dvdrun.exe -- File not found
O33 - MountPoints2\{fa48b5a3-d120-11dc-a67b-000f1f4e4f76}\Shell\launchMP\command - "" = H:\Setup_AR.exe -- File not found
O33 - MountPoints2\{fa48b5a3-d120-11dc-a67b-000f1f4e4f76}\Shell\readit\command - "" = C:\WINDOWS\System32\cmd.exe -- [2008/04/13 17:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/16 19:27:19 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/07/16 19:27:16 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/07/16 19:27:16 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/07/16 19:27:02 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/07/16 19:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/07/16 19:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/07/16 19:26:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcel Huizing\Application Data\PC Tools
[2010/07/16 19:26:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/07/16 19:24:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/16 10:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcel Huizing\Local Settings\Application Data\ivmiwvsjd
[2010/07/13 20:16:17 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/06 13:59:46 | 000,000,000 | ---D | C] -- C:\Course Technology
[2010/07/06 10:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcel Huizing\Local Settings\Application Data\PCHealth
[2010/06/29 09:30:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/06/29 09:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/06/29 09:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/06/29 09:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/06/29 09:19:46 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/06/23 03:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/06/21 10:23:59 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2010/06/21 10:20:32 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/06/21 10:20:32 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/06/21 09:41:56 | 000,032,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2010/06/21 09:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcel Huizing\Local Settings\Application Data\Microsoft Help
[2010/06/21 09:21:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/06/21 09:04:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcel Huizing\Application Data\Nero
[2010/06/19 10:47:19 | 000,666,624 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\MA111nd5.sys
[2006/09/19 13:41:35 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\imploDE.DLL
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/20 11:33:50 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/20 11:29:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/07/20 11:22:23 | 011,272,192 | -H-- | M] () -- C:\Documents and Settings\Marcel Huizing\NTUSER.DAT
[2010/07/20 11:22:20 | 000,832,656 | -H-- | M] () -- C:\Documents and Settings\Marcel Huizing\Local Settings\Application Data\IconCache.db
[2010/07/20 08:09:02 | 000,158,088 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/20 08:06:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/20 08:06:15 | 000,540,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/20 08:04:44 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Marcel Huizing\NTUSER.INI
[2010/07/19 01:05:45 | 000,001,170 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/07/19 00:55:43 | 000,001,230 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/07/18 18:47:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2260793998-1752009068-3399909089-1007UA.job
[2010/07/18 17:30:21 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/17 16:47:01 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2260793998-1752009068-3399909089-1007Core.job
[2010/07/16 19:27:11 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/07/14 09:35:11 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2010/07/14 09:16:35 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Desktop\Word 2007.lnk
[2010/07/14 01:00:49 | 000,001,373 | ---- | M] () -- C:\WINDOWS\Ulead32.ini
[2010/07/13 15:59:00 | 000,000,249 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Desktop\GoDaddy.url
[2010/07/12 09:40:58 | 000,050,778 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Desktop\done.url
[2010/07/11 10:18:16 | 000,000,249 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Desktop\Cox Cable Guide.url
[2010/07/09 14:10:22 | 000,000,232 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Desktop\Radio.url
[2010/07/09 13:40:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/06 16:23:30 | 000,000,905 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/07/06 16:22:42 | 000,001,730 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/07/05 15:54:30 | 000,000,403 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Desktop\FaceBook.url
[2010/07/03 23:48:03 | 000,003,256 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\My Documents\Default.sfvidcap
[2010/07/03 23:47:38 | 000,012,848 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\My Documents\(Unknown) - Still 001.jpg
[2010/07/03 23:45:03 | 020,834,816 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\My Documents\(Unknown) - Clip 001.avi
[2010/07/03 10:22:56 | 000,031,481 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\My Documents\swimming-pool-diagram.jpg
[2010/07/03 10:22:56 | 000,029,560 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\My Documents\swimming-pool-skimmer.jpg
[2010/07/03 10:21:20 | 000,019,907 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\My Documents\Plumbing_Basic_631.jpg
[2010/07/01 13:45:29 | 000,000,284 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Application Data\ViewerApp.dat
[2010/06/30 10:48:00 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/06/26 22:40:41 | 000,307,311 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\My Documents\6022_operation_guide[1].pdf
[2010/06/21 11:55:19 | 000,384,596 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/06/21 11:55:19 | 000,054,280 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/06/21 11:55:18 | 000,442,244 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/16 19:27:20 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/07/16 19:27:16 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/07/16 19:27:16 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/07/16 19:27:11 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/07/16 19:27:02 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/07/14 09:15:09 | 000,002,515 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\Desktop\Word 2007.lnk
[2010/07/06 16:24:56 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2010/07/06 16:22:42 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/07/03 23:47:37 | 000,012,848 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\My Documents\(Unknown) - Still 001.jpg
[2010/07/03 23:44:53 | 020,834,816 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\My Documents\(Unknown) - Clip 001.avi
[2010/07/03 10:23:29 | 000,029,560 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\My Documents\swimming-pool-skimmer.jpg
[2010/07/03 10:23:19 | 000,031,481 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\My Documents\swimming-pool-diagram.jpg
[2010/07/03 10:21:49 | 000,019,907 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\My Documents\Plumbing_Basic_631.jpg
[2010/06/29 09:42:46 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/06/26 22:40:38 | 000,307,311 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\My Documents\6022_operation_guide[1].pdf
[2010/06/26 22:32:05 | 000,000,249 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\Desktop\Cox Cable Guide.url
[2010/04/05 15:24:51 | 000,000,092 | ---- | C] () -- C:\WINDOWS\NogaTw.INI
[2010/01/16 21:43:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2009/03/20 09:03:44 | 000,000,849 | ---- | C] () -- C:\WINDOWS\capture.INI
[2009/01/21 14:05:50 | 000,000,171 | ---- | C] () -- C:\WINDOWS\AutoScreenRecorder.INI
[2009/01/17 22:04:25 | 000,000,389 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
[2008/06/18 02:20:16 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2008/06/18 02:20:14 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/06/14 09:20:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\route.ini
[2008/02/03 09:19:38 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/02/03 09:19:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/02/03 09:19:38 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/02/03 09:19:37 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/12/05 10:03:33 | 000,001,583 | ---- | C] () -- C:\WINDOWS\VBOSS.INI
[2007/12/05 10:03:12 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\ssce.INI
[2007/12/05 10:03:04 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\UnzipCtrl.dll
[2007/12/05 10:03:04 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\ZipCtrl.dll
[2007/12/05 09:41:21 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\SP32W.DLL
[2007/11/07 11:10:14 | 000,000,314 | ---- | C] () -- C:\WINDOWS\SMSI.INI
[2007/11/07 11:09:40 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\FAXMON.DLL
[2007/03/01 09:29:25 | 000,000,037 | ---- | C] () -- C:\WINDOWS\SWFConverter.INI
[2007/03/01 09:29:03 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/03/01 09:29:03 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/11/21 10:48:40 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/10/07 08:39:01 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\PdfPorts.dll
[2006/10/03 09:04:23 | 000,000,193 | ---- | C] () -- C:\WINDOWS\VMan.INI
[2006/04/24 19:36:49 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/01/13 10:50:52 | 000,000,058 | ---- | C] () -- C:\WINDOWS\mchguid.ini
[2006/01/11 23:04:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PNTINFO.INI
[2005/09/05 03:08:32 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2005/04/14 15:18:13 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/03/11 16:09:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2005/01/26 17:09:41 | 000,000,049 | ---- | C] () -- C:\WINDOWS\atg.ini
[2005/01/23 03:18:25 | 000,000,039 | ---- | C] () -- C:\WINDOWS\VideoWave.INI
[2004/11/08 22:26:48 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004/11/08 22:26:47 | 000,001,078 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/09/18 12:51:52 | 000,002,144 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/09/02 09:52:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
[2004/09/02 09:52:33 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\ZFExt.dll
[2004/08/29 13:58:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2004/08/29 13:42:07 | 000,000,156 | ---- | C] () -- C:\WINDOWS\Kpcms.ini
[2004/08/17 16:56:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IPSK.dll
[2004/08/17 16:56:47 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jpg32.dll
[2004/08/17 16:56:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VWJPG.dll
[2004/08/17 16:56:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VMIO.dll
[2004/08/17 16:56:47 | 000,014,381 | ---- | C] () -- C:\WINDOWS\Tw504a.ini
[2004/08/17 16:56:47 | 000,001,906 | ---- | C] () -- C:\WINDOWS\CA504A.INI
[2004/08/17 16:56:47 | 000,000,473 | ---- | C] () -- C:\WINDOWS\System32\I-dext504.ini
[2004/08/17 16:56:47 | 000,000,467 | ---- | C] () -- C:\WINDOWS\System32\S-dext504.ini
[2004/08/17 16:56:47 | 000,000,464 | ---- | C] () -- C:\WINDOWS\System32\F-dext504.ini
[2004/08/17 16:56:47 | 000,000,458 | ---- | C] () -- C:\WINDOWS\System32\P-dext504.ini
[2004/08/17 16:56:47 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\G-dext504.ini
[2004/08/17 16:56:47 | 000,000,454 | ---- | C] () -- C:\WINDOWS\System32\H-dext504.ini
[2004/08/17 16:56:47 | 000,000,453 | ---- | C] () -- C:\WINDOWS\System32\E-dext504.ini
[2004/08/17 16:56:47 | 000,000,164 | ---- | C] () -- C:\WINDOWS\Setup504.ini
[2004/08/17 16:56:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VWBMP.dll
[2004/08/15 23:19:40 | 000,000,244 | ---- | C] () -- C:\WINDOWS\MPPAGER.INI
[2004/08/14 17:49:14 | 000,015,576 | R--- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
[2004/08/09 11:20:53 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
[2004/08/09 11:20:30 | 000,042,172 | ---- | C] () -- C:\WINDOWS\php.ini
[2004/08/07 15:55:37 | 000,000,478 | ---- | C] () -- C:\WINDOWS\my.ini
[2004/07/31 11:08:59 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2004/07/31 11:04:01 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\sbaparam.dll
[2004/07/31 11:04:01 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\sbautils.dll
[2004/07/31 11:04:00 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\EmbeddedDX.dll
[2004/07/31 11:03:59 | 000,010,875 | ---- | C] () -- C:\WINDOWS\ESOA.INI
[2004/07/31 11:03:59 | 000,003,679 | ---- | C] () -- C:\WINDOWS\GrAddrBk.ini
[2004/07/31 11:03:59 | 000,001,433 | ---- | C] () -- C:\WINDOWS\WINPOINT.INI
[2004/07/31 11:03:59 | 000,000,995 | ---- | C] () -- C:\WINDOWS\GRACE.INI
[2004/07/31 11:03:59 | 000,000,255 | ---- | C] () -- C:\WINDOWS\GrAdr16.ini
[2004/07/31 11:03:59 | 000,000,053 | ---- | C] () -- C:\WINDOWS\PRSRVDLL.INI
[2004/07/27 16:26:50 | 000,000,062 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2004/07/20 21:45:55 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/07/20 11:48:04 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/07/17 21:19:14 | 000,000,829 | ---- | C] () -- C:\WINDOWS\SMVIEW.INI
[2004/07/17 18:14:13 | 000,000,512 | ---- | C] () -- C:\WINDOWS\photoprn.ini
[2004/07/17 18:13:32 | 000,000,021 | ---- | C] () -- C:\WINDOWS\xl_setup.ini
[2004/07/17 09:37:40 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2004/07/17 08:53:09 | 000,001,373 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2004/07/16 21:17:18 | 000,000,905 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/07/07 04:25:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/07/07 04:12:24 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/07/07 04:08:43 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/07/07 03:54:25 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/07 03:54:10 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/07/07 03:40:10 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/03/26 14:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/02/27 10:32:56 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\DSWndinet.dll
[2003/09/08 15:07:36 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hhsaid.dll
[1999/10/13 15:59:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\gns2kzip.dll
[1999/07/29 01:27:10 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 01:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1997/02/27 12:13:12 | 000,000,586 | ---- | C] () -- C:\WINDOWS\3DFAX.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23914
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on 20th July 2010, 8:20 pm

Hi, Smile

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56124
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on 20th July 2010, 10:25 pm

OK... here is what I did: I am working with 2 computers since I can not work with the infected one:

* Downloaded Combofix.exe to my memstick
* Renamed it to commy.exe
* Copied commy.exe to Desktop of infected computer
* Ran Safe Mode and executed "%userprofile%\desktop\commy.exe" /stepdel
* When I got to the request to install MS window recovery console it tried to get online but could not because of Safe Mode
* Tried running commy.exe in regular mode, but came up as infected again...

Anymore suggestion or did I do something wrong?

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23914
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on 20th July 2010, 11:01 pm

Hi, Smile

Please go into Safe Mode with Networking, and try. Right On!


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56124
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on 21st July 2010, 12:19 am

It stopped and popped up a windo said. "Detected a rootkit.... and needs to reboot"


marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23914
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on 21st July 2010, 12:21 am

restarted and safe mode is asking for

Microsoft Windows Recovery Console
or
Microsoft Windows XP Home Edition

Which should I click?

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23914
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on 21st July 2010, 2:18 am

Hi, Smile

Please choose: Microsoft Windows XP Home Edition


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56124
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on 21st July 2010, 6:59 am

OK, now it asks F1 to continue or F2 for setup utility

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23914
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on 21st July 2010, 12:53 pm

Hi, Smile

Please do F1, but be sure it isn't asking for a reformat.


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56124
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on 21st July 2010, 3:28 pm

It's rebooting.... should I still be in Safe Mode?

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23914
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on 21st July 2010, 5:39 pm

Hi, Smile

It can be in either Safe mode or Normal mode.


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56124
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on 22nd July 2010, 2:18 am

ComboFix 10-07-20.01 - Marcel Huizing 07/21/2010 12:32:05.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.672 [GMT -7:00]
Running from: c:\documents and settings\Marcel Huizing\desktop\commy.exe
Command switches used :: /stepdel
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\documents and settings\All Users\Application Data\ZangoSA
c:\documents and settings\Marcel Huizing\Application Data\Zango
c:\documents and settings\Marcel Huizing\Local Settings\Application Data\ivmiwvsjd
c:\documents and settings\Marcel Huizing\Local Settings\Application Data\ivmiwvsjd\wwvqpootssd.exe
c:\documents and settings\Marcel Huizing\System
c:\program files\A360
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\zango
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSA.dat
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSA_kyf.dat
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSAau.dat
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\030104_emte10_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\030104_emte11_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\030104_emte12_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\030104_emte13_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\030104_emte14_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\030104_emte19_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\030104_emte20_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\030104_emte21_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\030104_emte9_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\030203lib_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102angel_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102bigluf_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102bigsmile_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102birthday_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102cheers_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102flo_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102good_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102jump_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102king_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102lough_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102luf_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102smile_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102smiled_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102sor_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102thanx_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\033102uhu_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\040103ahh_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\040103wow_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\040104_emi2_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\042102_1134_112_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\050103big_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\050103gig_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\050103hm_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\050103nomail_emoti_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\050103norm_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\060104_ema15_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\060104_ema16_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\060104_ema17_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\060104_ema18_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\060104_ema19_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\060104_ema20_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\060104_ema21_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\060104_ema24_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\060104_ema25_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\060104_ema26_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\060104_ema30_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\060104_ema33_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\060104_ema34_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\062802hippi_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\062802jumpie_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\080402argh_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\080402oops_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\080402ouch_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\082502no_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\082502yes_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\110103_boring1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\110103_confused_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\110103_crying_ugly_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\110103_fantastic_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\110103_feel_better_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\110103_gimme_break_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\110103_heehee_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\110103_hlopaet_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\110103_ign_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\110103_lol_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\110103_no_comment_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\110103_peace_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\110103_smashing_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\110103_talk2thehand_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\block_sm.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\block_sm2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\block_smli.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\block_smli2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\blocked.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\blocked2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\btn_add-but.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\btn_back-but.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\btn_left_cut_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\btn_left_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\btn_left_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\btn_middle_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\btn_middle_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\btn_right_cut_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\btn_right_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\btn_right_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\business_promo.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\buttondir.txt
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\components.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\css_cattree.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\css_flashpreview.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\css2_main.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\css2_pagingmodule.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\css2_topbuttons.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\cursors.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\delete.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\edit_clear_sound.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\edit_fs.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\edit_select.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-511724-543450.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-511724-548964.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-511724-589306.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-511724-591943.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-511724-592579.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-511724-598579.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-511724-603763.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-511724-9595.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-511724-9696.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-511745-514279.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-backgrounds.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-bcards.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-ecards.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-emoticons.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-estationery.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-funny.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-help.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-images.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-info.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-more.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-my.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-new.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-new2.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-options.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-people.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-photo.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-tell.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-temp.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-text.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-voice.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-def.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-premium-email-premium.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-t1-bg.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\email-temp-bg.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\estatationery.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\flashpatch.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\flashpreview.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\fs3.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\hotbar_promo.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\icon_checked_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\icon_close_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\icon_close_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\icon_edit_preview.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\icon_edit_send.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\icon_flash_preview.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\icon_recently_used.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\icon_remove_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\icon_remove_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\icon_sand-clock2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\icon_tell_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\icon_tell_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\icon_tree_null.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\icon_unchecked_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\icon_unchecked_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\img_barlayout.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\img_barlayout2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\img_barlayout4.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\img_corner_left.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\img_local_logo.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\js2_basetemplate.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\js2_hbgroups.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\js2_hbobject3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\js2_hbobjectset3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\js2_hotbarwrapper.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\js2_iteratorsandreaders3nf.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\js2_pagingmoduleobj3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\js2_texts3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\js2_xmltree3nf.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\layout.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\linkpathlegal.txt
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\n.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\nav_b_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\nav_bb_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\nav_f_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\nav_ff_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\progress.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\sales_buttons.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\searchbtn.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\submit.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\tab_bg.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\tab_bga.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\tab_bgia.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\tab_l.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\tab_la.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\tab_lia.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\tab_r.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\tab_ra.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\tab_ria.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\tree_dots.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\tree_minus.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\tree_plus.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\treedata_animations.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\treedata_backgrounds.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\treedata_ecards.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\treedata_emoticons.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\treedata_notifiers.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\treedata_text.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\1\zango_btn.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\030104_emte10_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\030104_emte11_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\030104_emte12_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\030104_emte13_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\030104_emte14_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\030104_emte19_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\030104_emte20_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\030104_emte21_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\030104_emte9_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\030203lib_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102angel_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102bigluf_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102bigsmile_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102birthday_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102cheers_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102flo_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102good_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102jump_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102king_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102lough_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102luf_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102smile_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102smiled_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102sor_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102thanx_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\033102uhu_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\040103ahh_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\040103wow_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\040104_emi2_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\042102_1134_112_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\050103big_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\050103gig_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\050103hm_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\050103nomail_emoti_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\050103norm_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\060104_ema15_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\060104_ema16_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\060104_ema17_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\060104_ema18_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\060104_ema19_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\060104_ema20_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\060104_ema21_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\060104_ema24_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\060104_ema25_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\060104_ema26_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\060104_ema30_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\060104_ema33_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\060104_ema34_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\062802hippi_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\062802jumpie_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\080402argh_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\080402oops_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\080402ouch_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\082502no_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\082502yes_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\110103_boring1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\110103_confused_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\110103_crying_ugly_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\110103_fantastic_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\110103_feel_better_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\110103_gimme_break_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\110103_heehee_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\110103_hlopaet_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\110103_ign_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\110103_lol_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\110103_no_comment_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\110103_peace_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\110103_smashing_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\110103_talk2thehand_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\block_sm.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\block_sm2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\block_smli.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\block_smli2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\blocked.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\blocked2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\btn_add-but.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\btn_back-but.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\btn_left_cut_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\btn_left_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\btn_left_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\btn_middle_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\btn_middle_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\btn_right_cut_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\btn_right_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\btn_right_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\business_promo.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\buttondir.txt
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\components.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\css_cattree.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\css_flashpreview.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\css2_main.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\css2_pagingmodule.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\css2_topbuttons.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\cursors.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\delete.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\edit_clear_sound.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\edit_fs.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\edit_select.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-511724-543450.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-511724-548964.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-511724-589306.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-511724-591943.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-511724-592579.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-511724-598579.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-511724-603763.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-511724-9595.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-511724-9696.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-511745-514279.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-backgrounds.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-bcards.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-ecards.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-emoticons.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-estationery.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-funny.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-help.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-images.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-info.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-more.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-my.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-new.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-new2.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-options.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-people.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-photo.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-tell.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-temp.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-text.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-voice.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-def.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-premium-email-premium.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-t1-bg.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\email-temp-bg.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\estatationery.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\flashpatch.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\flashpreview.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\fs3.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\hotbar_promo.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\icon_checked_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\icon_close_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\icon_close_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\icon_edit_preview.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\icon_edit_send.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\icon_flash_preview.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\icon_recently_used.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\icon_remove_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\icon_remove_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\icon_sand-clock2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\icon_tell_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\icon_tell_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\icon_tree_null.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\icon_unchecked_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\icon_unchecked_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\img_barlayout.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\img_barlayout2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\img_barlayout4.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\img_corner_left.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\img_local_logo.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\js2_basetemplate.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\js2_hbgroups.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\js2_hbobject3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\js2_hbobjectset3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\js2_hotbarwrapper.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\js2_iteratorsandreaders3nf.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\js2_pagingmoduleobj3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\js2_texts3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\js2_xmltree3nf.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\layout.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\linkpathlegal.txt
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\n.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\nav_b_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\nav_bb_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\nav_f_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\nav_ff_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\progress.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\sales_buttons.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\searchbtn.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\submit.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\tab_bg.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\tab_bga.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\tab_bgia.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\tab_l.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\tab_la.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\tab_lia.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\tab_r.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\tab_ra.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\tab_ria.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\tree_dots.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\tree_minus.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\tree_plus.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\treedata_animations.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\treedata_backgrounds.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\treedata_ecards.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\treedata_emoticons.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\treedata_notifiers.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\treedata_text.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\2\zango_btn.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\business_promo.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\buttondir.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\code.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\cursors.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\email-def.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\email-t1-bg.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\email-temp-bg.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\hotbar_promo.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\images.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\layout.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\linkpathlegal.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\localcontent.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\progress.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\sales_buttons.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\treexml.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOI\static\DownLoad\zango_btn.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\030104_emte10_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\030104_emte11_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\030104_emte12_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\030104_emte13_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\030104_emte14_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\030104_emte19_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\030104_emte20_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\030104_emte21_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\030104_emte9_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\030203lib_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102angel_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102bigluf_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102bigsmile_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102birthday_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102cheers_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102flo_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102good_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102jump_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102king_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102lough_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102luf_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102smile_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102smiled_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102sor_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102thanx_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\033102uhu_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\040103ahh_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\040103wow_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\040104_emi2_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\042102_1134_112_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\050103big_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\050103gig_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\050103hm_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\050103nomail_emoti_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\050103norm_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\060104_ema15_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\060104_ema16_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\060104_ema17_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\060104_ema18_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\060104_ema19_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\060104_ema20_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\060104_ema21_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\060104_ema24_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\060104_ema25_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\060104_ema26_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\060104_ema30_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\060104_ema33_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\060104_ema34_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\062802hippi_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\062802jumpie_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\080402argh_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\080402oops_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\080402ouch_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\082502no_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\082502yes_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\110103_boring1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\110103_confused_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\110103_crying_ugly_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\110103_fantastic_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\110103_feel_better_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\110103_gimme_break_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\110103_heehee_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\110103_hlopaet_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\110103_ign_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\110103_lol_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\110103_no_comment_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\110103_peace_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\110103_smashing_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\110103_talk2thehand_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\block_sm.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\block_sm2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\block_smli.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\block_smli2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\blocked.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\blocked2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\btn_add-but.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\btn_back-but.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\btn_left_cut_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\btn_left_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\btn_left_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\btn_middle_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\btn_middle_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\btn_right_cut_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\btn_right_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\btn_right_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\business_promo.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\buttondir.txt
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\components.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\css_cattree.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\css_flashpreview.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\css2_main.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\css2_pagingmodule.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\css2_topbuttons.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\cursors.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\delete.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\edit_clear_sound.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\edit_fs.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\edit_select.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-543450.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-548964.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-589306.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-591943.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-592579.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-598579.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-603763.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-9595.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-9696.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-511745-514279.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-backgrounds.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-bcards.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-ecards.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-emoticons.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-estationery.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-funny.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-help.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-images.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-info.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-more.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-my.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-new.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-new2.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-options.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-people.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-photo.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-tell.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-temp.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-text.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-voice.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-def.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-premium-email-premium.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-t1-bg.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\email-temp-bg.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\estatationery.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\flashpatch.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\flashpreview.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\fs3.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\hotbar_promo.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\icon_checked_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\icon_close_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\icon_close_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\icon_edit_preview.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\icon_edit_send.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\icon_flash_preview.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\icon_recently_used.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\icon_remove_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\icon_remove_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\icon_sand-clock2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\icon_tell_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\icon_tell_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\icon_tree_null.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\icon_unchecked_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\icon_unchecked_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\img_barlayout.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\img_barlayout2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\img_barlayout4.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\img_corner_left.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\img_local_logo.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\js2_basetemplate.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\js2_hbgroups.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\js2_hbobject3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\js2_hbobjectset3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\js2_hotbarwrapper.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\js2_iteratorsandreaders3nf.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\js2_pagingmoduleobj3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\js2_texts3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\js2_xmltree3nf.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\layout.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\linkpathlegal.txt

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23914
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on 22nd July 2010, 2:21 am

Second part was too big.... so here is part 2... part 3 will follow

c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\n.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\nav_b_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\nav_bb_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\nav_f_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\nav_ff_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\pro_hb_fo_word.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\progress.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\sales_buttons.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\searchbtn.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\submit.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\tab_bg.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\tab_bga.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\tab_bgia.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\tab_l.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\tab_la.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\tab_lia.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\tab_r.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\tab_ra.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\tab_ria.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\tree_dots.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\tree_minus.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\tree_plus.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\treedata_animations.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\treedata_backgrounds.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\treedata_ecards.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\treedata_emoticons.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\treedata_notifiers.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\treedata_text.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\zango_btn.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\030104_emte10_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\030104_emte11_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\030104_emte12_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\030104_emte13_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\030104_emte14_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\030104_emte19_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\030104_emte20_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\030104_emte21_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\030104_emte9_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\030203lib_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102angel_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102bigluf_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102bigsmile_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102birthday_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102cheers_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102flo_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102good_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102jump_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102king_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102lough_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102luf_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102smile_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102smiled_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102sor_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102thanx_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102uhu_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\040103ahh_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\040103wow_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\040104_emi2_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\042102_1134_112_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\050103big_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\050103gig_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\050103hm_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\050103nomail_emoti_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\050103norm_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\060104_ema15_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\060104_ema16_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\060104_ema17_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\060104_ema18_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\060104_ema19_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\060104_ema20_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\060104_ema21_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\060104_ema24_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\060104_ema25_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\060104_ema26_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\060104_ema30_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\060104_ema33_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\060104_ema34_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\062802hippi_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\062802jumpie_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\080402argh_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\080402oops_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\080402ouch_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\082502no_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\082502yes_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\110103_boring1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\110103_confused_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\110103_crying_ugly_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\110103_fantastic_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\110103_feel_better_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\110103_gimme_break_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\110103_heehee_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\110103_hlopaet_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\110103_ign_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\110103_lol_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\110103_no_comment_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\110103_peace_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\110103_smashing_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\110103_talk2thehand_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\block_sm.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\block_sm2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\block_smli.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\block_smli2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\blocked.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\blocked2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\btn_add-but.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\btn_back-but.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\btn_left_cut_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\btn_left_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\btn_left_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\btn_middle_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\btn_middle_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\btn_right_cut_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\btn_right_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\btn_right_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\business_promo.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\buttondir.txt
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\components.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\css_cattree.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\css_flashpreview.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\css2_main.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\css2_pagingmodule.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\css2_topbuttons.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\cursors.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\delete.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\edit_clear_sound.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\edit_fs.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\edit_select.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-511724-543450.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-511724-548964.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-511724-589306.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-511724-591943.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-511724-592579.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-511724-598579.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-511724-603763.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-511724-9595.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-511724-9696.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-511745-514279.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-backgrounds.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-bcards.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-ecards.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-emoticons.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-estationery.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-funny.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-help.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-images.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-info.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-more.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-my.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-new.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-new2.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-options.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-people.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-photo.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-tell.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-temp.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-text.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-voice.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-premium-email-premium.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-t1-bg.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-temp-bg.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\estatationery.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\flashpatch.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\flashpreview.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\fs3.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\hotbar_promo.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\icon_checked_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\icon_close_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\icon_close_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\icon_edit_preview.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\icon_edit_send.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\icon_flash_preview.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\icon_recently_used.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\icon_remove_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\icon_remove_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\icon_sand-clock2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\icon_tell_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\icon_tell_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\icon_tree_null.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\icon_unchecked_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\icon_unchecked_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\img_barlayout.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\img_barlayout2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\img_barlayout4.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\img_corner_left.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\img_local_logo.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\js2_basetemplate.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\js2_hbgroups.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\js2_hbobject3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\js2_hbobjectset3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\js2_hotbarwrapper.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\js2_iteratorsandreaders3nf.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\js2_pagingmoduleobj3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\js2_texts3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\js2_xmltree3nf.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\layout.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\linkpathlegal.txt
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\n.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\nav_b_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\nav_bb_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\nav_f_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\nav_ff_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\pro_hb_fo_word.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\progress.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\sales_buttons.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\searchbtn.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\submit.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\tab_bg.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\tab_bga.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\tab_bgia.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\tab_l.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\tab_la.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\tab_lia.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\tab_r.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\tab_ra.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\tab_ria.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\tree_dots.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\tree_minus.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\tree_plus.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\treedata_animations.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\treedata_backgrounds.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\treedata_ecards.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\treedata_emoticons.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\treedata_notifiers.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\treedata_text.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\zango_btn.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\business_promo.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\buttondir.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\code.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\cursors.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\email-def.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\email-t1-bg.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\email-temp-bg.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\hotbar_promo.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\images.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\layout.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\linkpathlegal.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\localcontent.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\pro_hb_fo_word.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\progress.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\sales_buttons.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\treexml.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\zango_btn.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\1.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\1056008.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\1065005.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\1401532.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\1406946.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\175641.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\2208948.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\2590073.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\2881352.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\2883915.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\3340762.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\3699090.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\3869590.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\420374.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\600583.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\641182.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\domains.txt
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000031138
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\11213
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\116977
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\14207
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1491
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\15541
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\162365
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1670
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\17025
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\17147
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\17957
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\17987
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\18019
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\180320
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\18906
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\20106
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\20128
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\202699
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\20299
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\218419
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\21846
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\231028
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\23923
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\23928
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\241998
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\246310
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\257023
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\26213
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\27503
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\277907
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\278984
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\279564
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\286256
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\29115
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32456
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\3338
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\33761
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34174
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\342303
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34267
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\35804
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\36247
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\371665
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\39245
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\403305
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\41243
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\42208
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\42425
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\427148
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44228
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44300
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44588
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44789
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\459052
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\459338
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\46021
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\47371
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\475788
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\4765
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\517763
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\52335
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\533670
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\54979
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\58804
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\61167
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\61194
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\6292
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\6428
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\64434
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\64467
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\64495
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\67469
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\67564
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\68094
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\70449
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\70652
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\72807
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\742100
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\74398
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744211
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744260
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744832
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745017
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745304
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\748397
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\749325
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\75089
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\751230
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\751231
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753197
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753198
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753199
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753309
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753334
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753340
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79246
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79432
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79824
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79972
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\81293
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93899
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\95777
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\95873
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\97964
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\ustat\3631.dat
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\btntrans.idx
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\btntrans1.dat
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\buttondir.txt
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\components.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\cursors.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_1000.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_2000.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_3000.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bar.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bbar1.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_logos.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_other.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\d_icons_weather.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\default.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_511745-514279.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-ca.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-us.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_categorize.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_comparison.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-Mails.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-people.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_favorites.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_Games.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_Hide.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_hotbarcom.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_Hotmail.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_hsskin.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_jemster.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_jemsterie.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_jemsteruk.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_jobsearch.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_Mails.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_MobileSidewalk.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_new.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_premium.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_reun.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_ringtones.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_SearchBoxTrapper.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_searchfor.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_searchgo.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_weather.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_yellowpages.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-548964.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-9595.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\email-t1-bg.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\icons2.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\ie_games_icon.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\ie_video.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\keywords.idx
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\keywords1.dat
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\layout.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\linkpathlegal.txt
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\progress.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\s_icons_buttons.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\sales_buttons.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\t2_bg.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\theweb.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\top7.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Top7_theweb.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\tsd_bg.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\zango_btn.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\zango_ie_menu.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\btntrans.idx
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\btntrans1.dat
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\buttondir.txt
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\components.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\cursors.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_1000.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_2000.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_3000.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_bar.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_bbar1.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_logos.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_other.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\d_icons_weather.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\default.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_511745-514279.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_bidzC_ZT_IE-ca.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_bidzC_ZT_IE-us.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_categorize.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_comparison.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_explorer-Mails.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_explorer-people.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_favorites.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_Games.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_Hide.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_hotbarcom.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_Hotmail.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_hsskin.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_jemster.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_jemsterie.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_jemsteruk.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_jobsearch.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_Mails.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_MobileSidewalk.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_new.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_premium.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_reun.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_ringtones.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_SearchBoxTrapper.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_searchfor.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_searchgo.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_weather.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_yellowpages.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\email-def-511724-548964.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\email-def-511724-9595.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\email-t1-bg.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\icons2.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\ie_games_icon.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\ie_video.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\keywords.idx
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\keywords1.dat
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\layout.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\linkpathlegal.txt
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\progress.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\s_icons_buttons.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\sales_buttons.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\t2_bg.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\theweb.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\top7.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Top7_theweb.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\tsd_bg.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\zango_btn.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\zango_ie_menu.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans1.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\buttondir.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_1000.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_2000.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_3000.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bar.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bbar1.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_logos.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_other.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\default.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\icons2.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords1.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\linkpathlegal.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\progress.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.txt
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\top7.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_ie_menu.xip
c:\documents and settings\Marcel Huizing\Local Settings\Application Data\ivmiwvsjd\wwvqpootssd.exe
c:\documents and settings\Marcel Huizing\System\win_qs7.jqx
c:\program files\A360\av360.exe.tmp
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\MySignatureInsertBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\MySignatureInsertBtn.html
c:\program files\FunWebProducts\Shared\Cache\MySignaturePreviewBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\MySignaturePreviewBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23914
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on 22nd July 2010, 2:22 am

Part 3 of log.txt

c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\Cache\0026D8F2
c:\program files\MyWebSearch\bar\Cache\04FE3252
c:\program files\MyWebSearch\bar\Cache\067D80F8
c:\program files\MyWebSearch\bar\Cache\0C962E99.bin
c:\program files\MyWebSearch\bar\Cache\0CD2545E.bin
c:\program files\MyWebSearch\bar\Cache\1DEAD5ED.bin
c:\program files\MyWebSearch\bar\Cache\1DEAD800.bin
c:\program files\MyWebSearch\bar\Cache\1DEAD9D5.bin
c:\program files\MyWebSearch\bar\Cache\1DEBB0FB.bin
c:\program files\MyWebSearch\bar\Cache\1DEBB30E.bin
c:\program files\MyWebSearch\bar\Cache\1F30601F.bin
c:\program files\MyWebSearch\bar\Cache\1F306232.bin
c:\program files\MyWebSearch\bar\Cache\1F306436.bin
c:\program files\MyWebSearch\bar\Cache\219E4C86
c:\program files\MyWebSearch\bar\Cache\33DE8322
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search
c:\program files\MyWebSearch\bar\Settings\prevcfg.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\MyWebSearch\bar\Settings\settings.htm
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\Thumbs.db
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.8.inf
c:\windows\My.ini
c:\windows\system\IMPLODE.DLL
c:\windows\system32\bszip.dll
c:\windows\system32\drivers\fad.sys
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\Ijl11.dll
c:\windows\system32\Thumbs.db
c:\windows\xpsp1hfm.log

Infected copy of c:\windows\system32\drivers\FTDISK.SYS was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-06-21 to 2010-07-21 )))))))))))))))))))))))))))))))
.

2010-07-17 02:48 . 2010-07-17 02:48 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-07-17 02:27 . 2010-02-05 16:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-07-17 02:27 . 2010-03-29 17:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-17 02:27 . 2009-11-23 20:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-07-17 02:27 . 2010-04-08 21:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-17 02:26 . 2010-07-17 02:27 -------- d-----w- c:\program files\Spyware Doctor
2010-07-17 02:26 . 2010-07-17 02:27 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-17 02:26 . 2010-07-17 02:26 -------- d-----w- c:\documents and settings\Marcel Huizing\Application Data\PC Tools
2010-07-17 02:26 . 2010-07-17 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-07-17 02:24 . 2010-07-20 22:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-14 03:16 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-06 20:59 . 2010-07-06 20:59 -------- d-----w- C:\Course Technology
2010-07-06 17:29 . 2010-07-06 17:29 -------- d-----w- c:\documents and settings\Marcel Huizing\Local Settings\Application Data\PCHealth
2010-06-29 16:30 . 2010-06-30 10:09 -------- d-----w- c:\program files\Microsoft Works
2010-06-29 16:29 . 2010-06-29 16:29 -------- d-----w- c:\program files\MSBuild
2010-06-29 16:26 . 2010-06-29 16:26 -------- d-----w- c:\program files\Microsoft.NET
2010-06-29 16:19 . 2010-06-29 16:19 -------- d-----r- C:\MSOCache
2010-06-23 10:18 . 2010-06-23 10:18 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 19:31 . 2009-09-25 08:16 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-20 22:03 . 2004-07-07 11:20 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-20 15:09 . 2004-07-13 21:54 158088 ----a-w- c:\documents and settings\Marcel Huizing\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-19 07:57 . 2009-03-20 16:15 -------- d-----w- c:\program files\PremierOpinion
2010-07-14 10:04 . 2010-06-21 16:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-13 10:07 . 2006-01-22 20:03 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-07-09 07:16 . 2005-11-15 02:35 158088 ----a-w- c:\documents and settings\Guest User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-01 20:45 . 2005-07-03 02:17 284 ----a-w- c:\documents and settings\Marcel Huizing\Application Data\ViewerApp.dat
2010-06-21 17:00 . 2008-12-17 20:13 -------- d-----w- c:\documents and settings\Marcel Huizing\Application Data\Smilebox
2010-06-21 16:05 . 2010-06-21 16:04 -------- d-----w- c:\documents and settings\Marcel Huizing\Application Data\Nero
2010-06-20 10:02 . 2010-06-20 10:02 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-06-20 10:02 . 2010-06-20 10:02 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-06-19 17:47 . 2010-06-19 17:47 -------- d-----w- c:\program files\NETGEAR
2010-06-19 17:47 . 2004-07-07 11:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-14 14:31 . 2002-08-29 10:00 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-11 23:51 . 2010-06-11 23:51 3055600 ----a-w- c:\documents and settings\Marcel Huizing\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 23:36 . 2010-06-11 23:36 275952 ----a-w- c:\documents and settings\Marcel Huizing\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-06-07 17:23 . 2010-06-07 17:03 -------- d-----w- c:\program files\Common Files\Nero
2010-06-07 17:14 . 2010-06-07 17:04 -------- d-----w- c:\program files\Nero
2010-06-07 17:07 . 2010-06-07 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-06-07 17:00 . 2010-06-07 17:00 -------- d-----w- c:\program files\Common Files\LightScribe
2010-05-06 10:41 . 2004-02-06 23:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2002-08-29 10:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2003-05-01 08:01 . 2003-05-01 08:01 49664 -c--a-w- c:\program files\swfdecomp.exe
2003-08-25 21:06 . 2005-04-04 06:54 40960 ----a-w- c:\program files\internet explorer\plugins\ftdwser.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2004-07-01 95344]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"SmileboxTray"="c:\documents and settings\Marcel Huizing\Application Data\Smilebox\SmileboxTray.exe" [2008-11-26 254600]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Google Update"="c:\documents and settings\Marcel Huizing\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-11 133104]
"cdloader"="c:\documents and settings\Marcel Huizing\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2003-11-10 70816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2005-03-15 53248]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"WTIndicator"="c:\program files\WinTask\Bin\SchedInd.exe" [2009-04-30 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-05-11 1287120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe [2006-10-7 43520]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
Billminder.lnk - c:\program files\QUICKENW\BILLMIND.EXE [2004-11-8 36864]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
MA111 Configuration Utility.lnk - c:\program files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe [2010-6-19 1158144]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 3\\Dreamweaver.exe"=
"c:\\Documents and Settings\\Marcel Huizing\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Marcel Huizing\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\Marcel Huizing\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\program files\\premieropinion\\pmropn.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [7/16/2010 7:27 PM 218592]
S2 Ca504av;Mega Camera, WDM Video Capture;c:\windows\SYSTEM32\DRIVERS\CA504AV.SYS [8/17/2004 4:56 PM 516149]
S2 WTScheduler;WTScheduler;c:\program files\WinTask\Bin\SchedSrv.exe [4/30/2009 4:02 PM 159744]
S3 PLTurbh;Prolific turbo filter driver for hdd;c:\windows\system32\drivers\plturbh.sys --> c:\windows\system32\drivers\plturbh.sys [?]
S3 PLTurbo;Prolific turbo filter driver for odd;c:\windows\system32\drivers\plturbo.sys --> c:\windows\system32\drivers\plturbo.sys [?]
S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\SYSTEM32\DRIVERS\tj2kunic.sys [12/20/2004 7:59 PM 69680]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\SYSTEM32\DRIVERS\usbbc.sys [8/14/2004 5:49 PM 15576]
S3 WlanUIB;NETGEAR 802.11b USB Driver;c:\windows\SYSTEM32\DRIVERS\MA111nd5.sys [6/19/2010 10:47 AM 666624]
S3 XIRLINK;Dsc Pro Digital 640 Camera;c:\windows\SYSTEM32\DRIVERS\C-itNT.sys [7/17/2004 6:13 PM 447245]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 20:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2260793998-1752009068-3399909089-1007Core.job
- c:\documents and settings\Marcel Huizing\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-11 22:38]

2010-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2260793998-1752009068-3399909089-1007UA.job
- c:\documents and settings\Marcel Huizing\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-11 22:38]

2008-12-11 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-07 23:38]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Yahoo! Search - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsms.htm
IE: {{9239E4EC-C9A6-11D2-A844-00C04F68D538}
FF - ProfilePath - c:\documents and settings\Marcel Huizing\Application Data\Mozilla\Firefox\Profiles\7d43qube.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\PremierOpinion\components\pmxg.dll
FF - plugin: c:\documents and settings\Marcel Huizing\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Marcel Huizing\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Marcel Huizing\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: PremierOpinion: {6E19037A-12E3-4295-8915-ED48BC341614} - c:\program files\PremierOpinion

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
.scr=AutoCADscriptFile
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-fpdodipa - c:\documents and settings\Marcel Huizing\Local Settings\Application Data\ivmiwvsjd\wwvqpootssd.exe
HKU-Default-Run-fpdodipa - c:\documents and settings\Marcel Huizing\Local Settings\Application Data\ivmiwvsjd\wwvqpootssd.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-21 12:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/mysql/bin/mysqld-nt.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/mysql/bin/mysqld-nt.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\l3codeca.acm
c:\program files\PremierOpinion\pmls.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-07-21 12:55:54
ComboFix-quarantined-files.txt 2010-07-21 19:55

Pre-Run: 34,005,061,632 bytes free
Post-Run: 36,158,152,704 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 6C2162F0D7EE6031C07FCBBC0893CE4F

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23914
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on 22nd July 2010, 2:23 am

Can I close the log.txt window? What do I do next?


marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23914
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on 22nd July 2010, 3:53 am

Hi, Smile

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Folder::
    c:\program files\PremierOpinion

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5643

    Firefox::
    FF - ProfilePath - c:\documents and settings\Marcel Huizing\Application Data\Mozilla\Firefox\Profiles\7d43qube.default\
    FF - HiddenExtension: PremierOpinion: {6E19037A-12E3-4295-8915-ED48BC341614} - c:\program files\PremierOpinion

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56124
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on 22nd July 2010, 6:09 am

I don't want to make any errors and being an engineer I will execute your directions EXACTLY how you tell me... step by step!
Remember I renamed the Combofix.exe file to commy.exe as you directed and moved it to my Desktop.... can I use the commy file for these next steps or should I use the original Combofix.exe file?
Also, after step 5 should I execute the exe file or does the dragging of the script file into the exe file actually create the Combofix.txt file?

Thank you for your patience...

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23914
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on 22nd July 2010, 6:16 am

Hi, Smile

Please drag CFScript.txt onto Commy.exe be sure that it is on your desktop and it will start.

I think that should answer your questions. Smile


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56124
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on 22nd July 2010, 8:20 am

I ran it best I could...... when I dragged the txt file into the Combofix file it started running the Combofix program again... after finishing it rebooted on its own and when I logged in it opened a window which said:
"Preparing Log Report
Do not run any........ finished"

Then a window popped open saying:
"Windows can not open this file:
File: MWSOEMON.exe.vir....."
and continues by asking if I ...
What do you want to do?
O .... Use web services to find progran to run this
O .... Select a program from a list

What is this and what do I do?

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23914
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on 22nd July 2010, 8:40 am

Log.txt ......part-1

ComboFix 10-07-21.02 - Marcel Huizing 07/22/2010 0:41.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.504 [GMT -7:00]
Running from: H:\ComboFix.exe
Command switches used :: c:\documents and settings\Marcel Huizing\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\PremierOpinion
c:\program files\PremierOpinion\components\pmxg.dll
c:\program files\PremierOpinion\install.rdf
c:\program files\PremierOpinion\msvcp71.dll
c:\program files\PremierOpinion\msvcr71.dll
c:\program files\PremierOpinion\pmls.dll
c:\program files\PremierOpinion\pmls64.dll
c:\program files\PremierOpinion\pmoci.bin
c:\program files\PremierOpinion\pmph.dll
c:\program files\PremierOpinion\pmropn.exe
c:\program files\PremierOpinion\pmropn64.exe
c:\program files\PremierOpinion\pmservice.exe
c:\program files\PremierOpinion\pmxf.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-22 to 2010-07-22 )))))))))))))))))))))))))))))))
.

2010-07-17 02:48 . 2010-07-17 02:48 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-07-17 02:27 . 2010-02-05 16:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-07-17 02:27 . 2010-03-29 17:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-17 02:27 . 2009-11-23 20:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-07-17 02:27 . 2010-04-08 21:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-17 02:26 . 2010-07-17 02:27 -------- d-----w- c:\program files\Spyware Doctor
2010-07-17 02:26 . 2010-07-17 02:27 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-17 02:26 . 2010-07-17 02:26 -------- d-----w- c:\documents and settings\Marcel Huizing\Application Data\PC Tools
2010-07-17 02:26 . 2010-07-17 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-07-17 02:24 . 2010-07-22 08:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-14 03:16 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-06 20:59 . 2010-07-06 20:59 -------- d-----w- C:\Course Technology
2010-07-06 17:29 . 2010-07-06 17:29 -------- d-----w- c:\documents and settings\Marcel Huizing\Local Settings\Application Data\PCHealth
2010-06-29 16:30 . 2010-06-30 10:09 -------- d-----w- c:\program files\Microsoft Works
2010-06-29 16:29 . 2010-06-29 16:29 -------- d-----w- c:\program files\MSBuild
2010-06-29 16:26 . 2010-06-29 16:26 -------- d-----w- c:\program files\Microsoft.NET
2010-06-29 16:19 . 2010-06-29 16:19 -------- d-----r- C:\MSOCache
2010-06-23 10:18 . 2010-06-23 10:18 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-22 08:14 . 2004-07-07 11:20 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-21 19:31 . 2009-09-25 08:16 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-20 15:09 . 2004-07-13 21:54 158088 ----a-w- c:\documents and settings\Marcel Huizing\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-14 10:04 . 2010-06-21 16:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-13 10:07 . 2006-01-22 20:03 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-07-09 07:16 . 2005-11-15 02:35 158088 ----a-w- c:\documents and settings\Guest User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-01 20:45 . 2005-07-03 02:17 284 ----a-w- c:\documents and settings\Marcel Huizing\Application Data\ViewerApp.dat
2010-06-21 17:00 . 2008-12-17 20:13 -------- d-----w- c:\documents and settings\Marcel Huizing\Application Data\Smilebox
2010-06-21 16:05 . 2010-06-21 16:04 -------- d-----w- c:\documents and settings\Marcel Huizing\Application Data\Nero
2010-06-20 10:02 . 2010-06-20 10:02 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-06-20 10:02 . 2010-06-20 10:02 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-06-19 17:47 . 2010-06-19 17:47 -------- d-----w- c:\program files\NETGEAR
2010-06-19 17:47 . 2004-07-07 11:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-07 17:23 . 2010-06-07 17:03 -------- d-----w- c:\program files\Common Files\Nero
2010-06-07 17:14 . 2010-06-07 17:04 -------- d-----w- c:\program files\Nero
2010-06-07 17:07 . 2010-06-07 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-06-07 17:00 . 2010-06-07 17:00 -------- d-----w- c:\program files\Common Files\LightScribe
2010-05-06 10:41 . 2004-02-06 23:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2002-08-29 10:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2003-05-01 08:01 . 2003-05-01 08:01 49664 -c--a-w- c:\program files\swfdecomp.exe
2003-08-25 21:06 . 2005-04-04 06:54 40960 ----a-w- c:\program files\internet explorer\plugins\ftdwser.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2004-07-01 95344]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"SmileboxTray"="c:\documents and settings\Marcel Huizing\Application Data\Smilebox\SmileboxTray.exe" [2008-11-26 254600]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Google Update"="c:\documents and settings\Marcel Huizing\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-11 133104]
"cdloader"="c:\documents and settings\Marcel Huizing\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2003-11-10 70816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2005-03-15 53248]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"WTIndicator"="c:\program files\WinTask\Bin\SchedInd.exe" [2009-04-30 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-05-11 1287120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe [2006-10-7 43520]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
Billminder.lnk - c:\program files\QUICKENW\BILLMIND.EXE [2004-11-8 36864]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
MA111 Configuration Utility.lnk - c:\program files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe [2010-6-19 1158144]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
MyWebSearch Email Plugin.lnk - c:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir [2004-11-9 28672]
NaturalColorLoad.lnk - c:\program files\SEC\Natural Color\NaturalColorLoad.exe [2005-3-11 155715]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-4-14 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-4-14 106496]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-2-23 806912]
Quicken Startup.lnk - c:\program files\QUICKENW\QWDLLS.EXE [2004-11-8 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 3\\Dreamweaver.exe"=
"c:\\Documents and Settings\\Marcel Huizing\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Marcel Huizing\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\Marcel Huizing\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [7/16/2010 7:27 PM 218592]
S2 Ca504av;Mega Camera, WDM Video Capture;c:\windows\SYSTEM32\DRIVERS\CA504AV.SYS [8/17/2004 4:56 PM 516149]
S2 WTScheduler;WTScheduler;c:\program files\WinTask\Bin\SchedSrv.exe [4/30/2009 4:02 PM 159744]
S3 PLTurbh;Prolific turbo filter driver for hdd;c:\windows\system32\drivers\plturbh.sys --> c:\windows\system32\drivers\plturbh.sys [?]
S3 PLTurbo;Prolific turbo filter driver for odd;c:\windows\system32\drivers\plturbo.sys --> c:\windows\system32\drivers\plturbo.sys [?]
S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\SYSTEM32\DRIVERS\tj2kunic.sys [12/20/2004 7:59 PM 69680]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\SYSTEM32\DRIVERS\usbbc.sys [8/14/2004 5:49 PM 15576]
S3 WlanUIB;NETGEAR 802.11b USB Driver;c:\windows\SYSTEM32\DRIVERS\MA111nd5.sys [6/19/2010 10:47 AM 666624]
S3 XIRLINK;Dsc Pro Digital 640 Camera;c:\windows\SYSTEM32\DRIVERS\C-itNT.sys [7/17/2004 6:13 PM 447245]

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23914
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on 22nd July 2010, 8:41 am

log.txt........part 2

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 20:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2260793998-1752009068-3399909089-1007Core.job
- c:\documents and settings\Marcel Huizing\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-11 22:38]

2010-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2260793998-1752009068-3399909089-1007UA.job
- c:\documents and settings\Marcel Huizing\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-11 22:38]

2008-12-11 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-07 23:38]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Yahoo! Search - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsms.htm
IE: {{9239E4EC-C9A6-11D2-A844-00C04F68D538}
FF - ProfilePath - c:\documents and settings\Marcel Huizing\Application Data\Mozilla\Firefox\Profiles\7d43qube.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Marcel Huizing\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Marcel Huizing\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Marcel Huizing\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PremierOpinion - c:\program files\PremierOpinion\pmropn.exe
AddRemove-{eeb86aef-4a5d-4b75-9d74-f16d438fc286} - c:\program files\PremierOpinion\pmropn.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-22 01:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/mysql/bin/mysqld-nt.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/mysql/bin/mysqld-nt.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\l3codeca.acm

- - - - - - - > 'explorer.exe'(3508)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\SYMANT~1\ANTISPAM\asOEHook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\rundll32.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\program files\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 2010-07-22 01:26:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-22 08:26
ComboFix2.txt 2010-07-21 19:55

Pre-Run: 36,180,717,568 bytes free
Post-Run: 36,154,032,128 bytes free

- - End Of File - - C1E156B1E73A3DF638566F6F70A75941

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23914
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on 22nd July 2010, 7:29 pm

Hi, Smile

That pop-up is part of MyWebSearch hence the MWS file name, we will rid of it. Right On!

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56124
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on 22nd July 2010, 10:36 pm

When I click on your link I get to a page that contains this:

Download Now (5.87MB)
or Smart Install
Tested spyware free

When I click on the Download link I get a new page with many links for all kinds of anti virus stuff and more..... Cna you tell me which lick I am supposed to click.... sorry for my concern, but these virusses have really cautioned me... thanks again.

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23914
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on 22nd July 2010, 11:19 pm

Hi, Smile

Click on the big green button that says 'Download Now' that is the correct one.


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56124
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on 23rd July 2010, 12:02 am

Yes, that is the one that takes me to the pge with too many options.... what then?

Thank you

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23914
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on 23rd July 2010, 12:05 am

This is what comes up in the main part of the page:

Your download will begin in a moment...
Next, keep Malwarebytes Anti-Malware and all your software up-to-date with CNET TechTracker, a free application from CNET. No download? Check for your browser's security bar at the top of the page. Need more help? Visit the Download Help Center. Want to be notified when Malwarebytes Anti-Malware is updated?

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23914
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on 23rd July 2010, 12:06 am

This is the address of that page:

[You must be registered and logged in to see this link.]

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23914
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on 23rd July 2010, 12:08 am

Then it went to this page automatically:

[You must be registered and logged in to see this link.]

Do I have to purchase something?

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23914
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on 23rd July 2010, 5:09 am

Hi, Smile

Please use this link: [You must be registered and logged in to see this link.]


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56124
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on 23rd July 2010, 6:13 am

First.... the popup window regarding the MWSOEMON.EXE.vir options pops up at startup still.. Do I need to do something with it? Sofar I have just closed the window every time....

Here is the mbam-log:

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4340

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/22/2010 10:52:06 PM
mbam-log-2010-07-22 (22-52-06).txt

Scan type: Quick scan
Objects scanned: 155893
Time elapsed: 14 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 85
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\zango.desktopflash (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zango.desktopflash.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{00b77587-be1b-4201-b8e9-09fcf50ab771} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{067c6a37-72ea-4437-863a-5be20c246f3c} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1230cf51-6bc4-4a23-b3f1-c7cf0afed619} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1985fce1-4043-4346-ae70-d0a0cd90bdd3} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1a2af056-1fe1-47ca-993d-5d09d18e674e} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2b81f920-6660-4f76-93bf-b1c67bf5d1a0} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e623b96-b166-4c70-8169-820761794299} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{34e29700-0d13-46aa-b9a5-ace68e21a091} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3661af2d-c27b-499c-9bcf-66c8502a3806} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3f0915b8-b238-4c2d-ad1e-60db1e14d27a} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{49155dae-c471-40fa-98ee-b2b3cad115ce} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4d783385-0dda-4188-a529-c97dc3d67cbd} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e8b851b-05b0-4baf-b24d-d0dfe88dded3} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{50c3e2b3-4fd7-4cb9-91f9-641a6e6b3689} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5a4737a8-b92a-4e54-970e-c2891d98ce3f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{62b0b239-f9ac-4a5b-bfae-62c7a23f7627} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e10479b-31e8-4a3b-81b1-ddaf39097f19} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{726f0ab9-b842-4ae4-90c7-230e233e6a99} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{99123ac9-7dda-4c82-b252-44c2804bf392} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ace99e77-aa2a-43c2-8c9d-caf2020fdf2b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b247f5bf-bd9d-4ecd-8fc1-365f36a1fda1} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b9cc2b92-5611-453f-8381-8b6f72d9c0b8} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbbfb891-98ae-4678-86f3-bd5a2eed86c9} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c4543e64-1498-410d-8e72-4744eea99ab9} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e0fb1610-b25b-49f6-be20-751b2f230e6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e420a65f-9984-4b8c-9fa9-1ed69d3b0a13} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ea58c2ea-be26-49dd-9b9a-c8e4e5ca7791} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fca28ac5-c1e1-4d67-a5ae-c44d6c374d9f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{dbf00e12-281c-4dc8-a7ec-1ff45182439b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e5b2693-d348-4ca7-8364-4f5e51bf9c6d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2e54ac53-efa4-4831-a3f6-b47b1a1937cf} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5b2e150d-4c8a-40e4-8c36-dd9c02771c67} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{627d894a-8a77-416e-b522-432eaf2c818e} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7138f250-5b72-48dd-adfb-9a83b429dd9e} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8971cb48-9fca-445a-be77-e8e8a4cc9df7} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b88e4484-3ff6-4ea9-815b-a54fe20d4387} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bd937ffe-0352-4fde-88f2-c30d1a9b25cf} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf1bf02c-5a86-4ecf-adac-472c54c4d21e} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bfc08cff-c737-4433-bd5a-0ee7efcfee54} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d2221ccb-f2bb-4858-aad4-57c754153603} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ea0b6a1a-6a59-4a58-9c41-9966504898a5} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{08755390-f46d-4d09-968c-3430166b3189} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0923208c-e259-4ed5-a778-cb607da350ad} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9720de03-5820-4059-b4a4-639d5e52bd09} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ad71e48f-6f47-4b63-9312-fae879541c4d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c23fa5a4-1fea-419f-8b14-f7465df062bc} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ccc6e232-aa4c-4813-a019-9c14b27776b6} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{dd1cb2d7-161d-4b84-ae5c-08d3faed894f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\9ee2330ae5f4470cac801baac83818c9 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a072ec12-a40b-41dd-9a1a-cdb848b70f3c} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bd937ffe-0352-4fde-88f2-c30d1a9b25cf} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1e5b2693-d348-4ca7-8364-4f5e51bf9c6d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2e54ac53-efa4-4831-a3f6-b47b1a1937cf} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{bd937ffe-0352-4fde-88f2-c30d1a9b25cf} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ZangoSA_df.exe (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\zango@zango.com (Adware.Zango) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Guest User\Application Data\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest User\Application Data\Smart-Shopper\cs (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest User\Application Data\Smart-Shopper\cs\db (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest User\Application Data\Smart-Shopper\cs\dwld (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest User\Application Data\Smart-Shopper\cs\report (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest User\Application Data\Smart-Shopper\cs\res2 (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\PremierOpinion (Adware.PremierOpinion) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Guest User\Application Data\Smart-Shopper\cs\Config.xml (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest User\Application Data\Smart-Shopper\cs\db\Aliases.dbs (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest User\Application Data\Smart-Shopper\cs\db\Sites.dbs (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest User\Application Data\Smart-Shopper\cs\dwld\Phishinglist.xip (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest User\Application Data\Smart-Shopper\cs\dwld\WhiteList.xip (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest User\Application Data\Smart-Shopper\cs\report\aggr_storage.xml (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest User\Application Data\Smart-Shopper\cs\report\send_storage.xml (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest User\Application Data\Smart-Shopper\cs\res2\WhiteList.dbs (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\PremierOpinion\About PremierOpinion.lnk (Adware.PremierOpinion) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\PremierOpinion\Privacy Policy and User License Agreement.lnk (Adware.PremierOpinion) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\PremierOpinion\Support.lnk (Adware.PremierOpinion) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\PremierOpinion\Uninstall Instructions.lnk (Adware.PremierOpinion) -> Quarantined and deleted successfully.

Am I done now and cean again?
Is what I have downloaded from Malwarebytes something I should have running all the time to protect myself, or do you recommend something else...... anything free would be appreciated as I am not working at this time...
Thank you again!!!

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23914
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on 23rd July 2010, 6:42 am

Hi, Smile

Could you please run OTL again. Right On!


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56124
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on 23rd July 2010, 8:37 am

I only ran the Scan in OTL.exe...... Here is the OTL.log..... what next?

OTL.log:

OTL logfile created on: 7/23/2010 1:26:03 AM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = H:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 556.00 Mb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 33.74 Gb Free Space | 45.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 95.78 Mb Total Space | 55.06 Mb Free Space | 57.49% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: D1N8R751
Current User Name: Marcel Huizing
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/18 21:00:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/30 16:00:58 | 000,053,248 | ---- | M] () -- C:\Program Files\WinTask\Bin\SchedInd.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2005/11/15 19:44:14 | 001,200,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2005/11/15 19:42:22 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2005/06/06 23:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2004/09/29 10:28:36 | 001,158,144 | ---- | M] () -- C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
PRC - [2004/07/08 16:13:42 | 000,106,496 | ---- | M] (Sony Corporation.) -- C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
PRC - [2004/06/03 01:51:27 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\type32.exe
PRC - [2004/06/03 01:50:07 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
PRC - [2004/04/23 11:04:18 | 000,158,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
PRC - [2004/01/27 19:06:54 | 000,218,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
PRC - [2003/11/21 21:02:42 | 000,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
PRC - [2003/11/10 13:30:12 | 000,234,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
PRC - [2003/11/10 13:30:04 | 000,255,136 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
PRC - [2003/11/10 13:30:02 | 000,070,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
PRC - [2002/04/12 14:39:24 | 000,155,715 | ---- | M] () -- C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
PRC - [2002/01/10 11:44:28 | 000,036,864 | ---- | M] (Intuit) -- C:\Program Files\QUICKENW\QWDLLS.EXE
PRC - [1999/03/12 08:07:38 | 000,043,520 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe


========== Modules (SafeList) ==========

MOD - [2010/07/18 21:00:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
MOD - [2004/03/10 11:42:44 | 000,197,760 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Antispam\ASOEHOOK.DLL
MOD - [2003/11/21 14:05:02 | 000,344,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msvcr70.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\mysql\bin\mysqld-nt.exe -- (MySql)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/04/30 16:02:52 | 000,159,744 | ---- | M] () [Auto | Stopped] -- C:\Program Files\WinTask\Bin\SchedSrv.exe -- (WTScheduler)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/09/15 10:01:39 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2004/06/29 16:14:38 | 000,193,760 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/04/23 11:04:18 | 000,158,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2004/01/27 19:06:54 | 000,218,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2003/12/04 18:22:30 | 000,193,816 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVSCAN.EXE -- (SAVScan)
SRV - [2003/11/10 13:30:12 | 000,234,656 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2003/11/10 13:30:10 | 000,087,200 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2003/11/10 13:30:04 | 000,255,136 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2003/06/24 16:23:10 | 000,066,784 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\script Blocking\SBServ.exe -- (SBService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\plturbo.sys -- (PLTurbo)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\plturbh.sys -- (PLTurbh)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nuidfltr.sys -- (NuidFltr)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/09/29 10:28:38 | 000,666,624 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MA111nd5.sys -- (WlanUIB)
DRV - [2004/09/29 10:28:38 | 000,666,624 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MA111nd5.sys -- (WLAN_USB)
DRV - [2004/09/29 10:28:36 | 000,016,292 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2004/09/01 01:00:00 | 000,617,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040901.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2004/09/01 01:00:00 | 000,068,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040901.016\NAVENG.SYS -- (NAVENG)
DRV - [2004/08/03 22:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/03 22:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 22:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/07/07 04:13:22 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/07/01 23:23:26 | 000,170,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS -- (SYMIDSCO)
DRV - [2004/06/29 16:13:52 | 000,263,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2004/06/29 16:13:46 | 000,016,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2004/06/29 16:13:42 | 000,046,528 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2004/06/29 16:13:40 | 000,166,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2004/06/29 16:13:40 | 000,051,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2004/06/29 16:13:34 | 000,011,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2004/03/14 23:04:00 | 000,100,597 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/03/14 23:04:00 | 000,098,580 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/03/14 23:04:00 | 000,085,972 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/03/14 23:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/03/14 23:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/03/14 23:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/03/14 23:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/03/14 23:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/03/14 23:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2004/02/27 00:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/02/13 01:21:00 | 000,086,160 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/01/14 17:18:16 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/01/14 17:18:04 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/12/04 18:22:30 | 000,308,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS -- (SAVRT)
DRV - [2003/12/04 18:22:30 | 000,037,056 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS -- (SAVRTPEL)
DRV - [2003/11/21 14:05:02 | 000,082,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2003/11/17 13:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 13:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 13:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/05/23 10:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/11/08 11:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sonypvs1.sys -- (sonypvs1)
DRV - [2002/10/13 21:40:24 | 000,069,680 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\tj2kunic.sys -- (tj2kunic) Terayon Cable Modem (WDM)
DRV - [2002/07/25 11:19:48 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Bulk504.sys -- (USBCamera)
DRV - [2002/06/18 14:55:56 | 000,516,149 | ---- | M] (Digital Camera.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CA504AV.SYS -- (Ca504av)
DRV - [2002/06/14 10:46:32 | 000,015,576 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbbc.sys -- (Wdm1)
DRV - [2002/05/31 13:01:00 | 000,012,338 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
DRV - [2001/08/17 12:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 11:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 11:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 11:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 11:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 11:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 11:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 11:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 11:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 11:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 11:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 10:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/01/24 09:20:10 | 000,024,160 | R--- | M] (Nogatech Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nuvaud2.sys -- (nuvaud2)
DRV - [2001/01/24 09:18:08 | 000,147,840 | R--- | M] (Nogatech Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nuvvid2.sys -- (nuvvid2)
DRV - [2000/04/27 17:29:02 | 000,447,245 | ---- | M] (Xirlink, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\C-itNT.sys -- (XIRLINK)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://orion.mesacc.edu/portal/"
FF - prefs.js..extensions.enabledItems: {6E19037A-12E3-4295-8915-ED48BC341614}:1.3.326.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/01 07:45:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/12 09:02:31 | 000,000,000 | ---D | M]

[2009/01/15 15:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcel Huizing\Application Data\Mozilla\Extensions
[2010/07/16 12:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcel Huizing\Application Data\Mozilla\Firefox\Profiles\7d43qube.default\extensions
[2010/06/03 08:47:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Marcel Huizing\Application Data\Mozilla\Firefox\Profiles\7d43qube.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/14 00:10:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/06/22 13:44:58 | 002,078,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2010/07/22 01:10:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (WTBho Class) - {348FE907-249E-4C65-A838-F34A193FE1D1} - C:\Program Files\WinTask\Bin\TaskBHO.dll ()
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Web assistant) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Web assistant) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [type32] C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [WTIndicator] C:\Program Files\WinTask\Bin\SchedInd.exe ()
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Marcel Huizing\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SmileboxTray] C:\Documents and Settings\Marcel Huizing\Application Data\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - HKCU..\Run: [Symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk = C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir (MyWebSearch.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Sony Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE (Intuit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2008/07/04 00:56:32 | 000,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2008/07/04 00:56:32 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2008/07/04 00:56:32 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2008/07/04 00:56:32 | 000,000,000 | ---D | M]
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} [You must be registered and logged in to see this link.] (DeviceEnum Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} [You must be registered and logged in to see this link.] (PtClickLoan Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Marcel Huizing\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marcel Huizing\My Documents\Business\OvertakeRacing\Marcel\sreensaver\lean-2.BMP
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/14 15:40:06 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/22 22:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcel Huizing\Application Data\Malwarebytes
[2010/07/22 22:28:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/22 22:28:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/22 22:28:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/22 22:28:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/22 22:26:45 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marcel Huizing\Desktop\mbam-setup.exe
[2010/07/20 16:39:32 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/20 14:48:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/20 14:48:16 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/20 14:48:16 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/20 14:48:16 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/20 14:48:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/20 14:46:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/16 19:24:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/13 20:16:17 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/06 13:59:46 | 000,000,000 | ---D | C] -- C:\Course Technology
[2010/07/06 10:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcel Huizing\Local Settings\Application Data\PCHealth
[2010/06/29 09:30:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/06/29 09:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/06/29 09:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/06/29 09:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/06/29 09:19:46 | 000,000,000 | R--D | C] -- C:\MSOCache
[2010/06/23 03:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/06/19 10:47:19 | 000,666,624 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\MA111nd5.sys
[2006/09/19 13:41:35 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\imploDE.DLL
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/23 01:23:42 | 000,000,197 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Desktop\MBAM.url
[2010/07/23 01:20:24 | 000,001,170 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/07/23 01:17:49 | 000,001,230 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/07/23 00:47:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2260793998-1752009068-3399909089-1007UA.job
[2010/07/22 23:41:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/22 23:41:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/07/22 23:41:16 | 1071,714,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/22 23:36:47 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Marcel Huizing\NTUSER.INI
[2010/07/22 23:36:46 | 011,272,192 | -H-- | M] () -- C:\Documents and Settings\Marcel Huizing\NTUSER.DAT
[2010/07/22 22:28:08 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/22 22:26:45 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marcel Huizing\Desktop\mbam-setup.exe
[2010/07/22 16:47:01 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2260793998-1752009068-3399909089-1007Core.job
[2010/07/22 01:12:09 | 000,001,071 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
[2010/07/22 01:10:28 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/22 01:10:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/07/22 00:35:10 | 000,000,282 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Desktop\Shortcut to ComboFix.exe.lnk
[2010/07/21 19:15:53 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/21 12:31:01 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/20 16:40:04 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2010/07/20 14:35:16 | 003,739,568 | R--- | M] () -- C:\Documents and Settings\Marcel Huizing\Desktop\commy.exe
[2010/07/20 11:22:20 | 000,832,656 | -H-- | M] () -- C:\Documents and Settings\Marcel Huizing\Local Settings\Application Data\IconCache.db
[2010/07/20 08:09:02 | 000,158,088 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/20 08:06:15 | 000,540,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/14 09:35:11 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2010/07/14 09:16:35 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Desktop\Word 2007.lnk
[2010/07/14 01:00:49 | 000,001,373 | ---- | M] () -- C:\WINDOWS\Ulead32.ini
[2010/07/13 15:59:00 | 000,000,249 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Desktop\GoDaddy.url
[2010/07/12 09:40:58 | 000,050,778 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Desktop\done.url
[2010/07/11 10:18:16 | 000,000,249 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Desktop\Cox Cable Guide.url
[2010/07/09 14:10:22 | 000,000,232 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Desktop\Radio.url
[2010/07/09 13:40:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/06 16:23:30 | 000,000,905 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/07/06 16:22:42 | 000,001,730 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/07/05 15:54:30 | 000,000,403 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Desktop\FaceBook.url
[2010/07/03 23:48:03 | 000,003,256 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\My Documents\Default.sfvidcap
[2010/07/03 23:47:38 | 000,012,848 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\My Documents\(Unknown) - Still 001.jpg
[2010/07/03 23:45:03 | 020,834,816 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\My Documents\(Unknown) - Clip 001.avi
[2010/07/03 10:22:56 | 000,031,481 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\My Documents\swimming-pool-diagram.jpg
[2010/07/03 10:22:56 | 000,029,560 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\My Documents\swimming-pool-skimmer.jpg
[2010/07/03 10:21:20 | 000,019,907 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\My Documents\Plumbing_Basic_631.jpg
[2010/07/01 13:45:29 | 000,000,284 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Application Data\ViewerApp.dat
[2010/06/30 10:48:00 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/06/26 22:40:41 | 000,307,311 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\My Documents\6022_operation_guide[1].pdf
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/23 01:23:07 | 000,000,197 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\Desktop\MBAM.url
[2010/07/22 22:28:08 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/22 00:35:10 | 000,000,282 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\Desktop\Shortcut to ComboFix.exe.lnk
[2010/07/21 08:28:49 | 1071,714,304 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/20 16:39:59 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/20 16:39:44 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/20 14:48:16 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/20 14:48:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/20 14:48:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/20 14:48:16 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/20 14:48:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/20 14:35:16 | 003,739,568 | R--- | C] () -- C:\Documents and Settings\Marcel Huizing\Desktop\commy.exe
[2010/07/14 09:15:09 | 000,002,515 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\Desktop\Word 2007.lnk
[2010/07/06 16:24:56 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2010/07/06 16:22:42 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/07/03 23:47:37 | 000,012,848 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\My Documents\(Unknown) - Still 001.jpg
[2010/07/03 23:44:53 | 020,834,816 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\My Documents\(Unknown) - Clip 001.avi
[2010/07/03 10:23:29 | 000,029,560 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\My Documents\swimming-pool-skimmer.jpg
[2010/07/03 10:23:19 | 000,031,481 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\My Documents\swimming-pool-diagram.jpg
[2010/07/03 10:21:49 | 000,019,907 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\My Documents\Plumbing_Basic_631.jpg
[2010/06/29 09:42:46 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/06/26 22:40:38 | 000,307,311 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\My Documents\6022_operation_guide[1].pdf
[2010/06/26 22:32:05 | 000,000,249 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\Desktop\Cox Cable Guide.url
[2010/04/05 15:24:51 | 000,000,092 | ---- | C] () -- C:\WINDOWS\NogaTw.INI
[2010/01/16 21:43:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2009/03/20 09:03:44 | 000,000,849 | ---- | C] () -- C:\WINDOWS\capture.INI
[2009/01/21 14:05:50 | 000,000,171 | ---- | C] () -- C:\WINDOWS\AutoScreenRecorder.INI
[2009/01/17 22:04:25 | 000,000,389 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
[2008/06/18 02:20:16 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2008/06/18 02:20:14 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/06/14 09:20:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\route.ini
[2008/02/03 09:19:38 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/02/03 09:19:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/02/03 09:19:38 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/02/03 09:19:37 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/12/05 10:03:33 | 000,001,583 | ---- | C] () -- C:\WINDOWS\VBOSS.INI
[2007/12/05 10:03:12 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\ssce.INI
[2007/12/05 10:03:04 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\UnzipCtrl.dll
[2007/12/05 10:03:04 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\ZipCtrl.dll
[2007/12/05 09:41:21 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\SP32W.DLL
[2007/11/07 11:10:14 | 000,000,314 | ---- | C] () -- C:\WINDOWS\SMSI.INI
[2007/11/07 11:09:40 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\FAXMON.DLL
[2007/03/01 09:29:25 | 000,000,037 | ---- | C] () -- C:\WINDOWS\SWFConverter.INI
[2007/03/01 09:29:03 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/03/01 09:29:03 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/11/21 10:48:40 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/10/07 08:39:01 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\PdfPorts.dll
[2006/10/03 09:04:23 | 000,000,193 | ---- | C] () -- C:\WINDOWS\VMan.INI
[2006/04/24 19:36:49 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/01/13 10:50:52 | 000,000,058 | ---- | C] () -- C:\WINDOWS\mchguid.ini
[2006/01/11 23:04:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PNTINFO.INI
[2005/09/05 03:08:32 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2005/04/14 15:18:13 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/03/11 16:09:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2005/01/26 17:09:41 | 000,000,049 | ---- | C] () -- C:\WINDOWS\atg.ini
[2005/01/23 03:18:25 | 000,000,039 | ---- | C] () -- C:\WINDOWS\VideoWave.INI
[2004/11/08 22:26:48 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004/11/08 22:26:47 | 000,001,078 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/09/18 12:51:52 | 000,002,144 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/09/02 09:52:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
[2004/09/02 09:52:33 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\ZFExt.dll
[2004/08/29 13:58:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2004/08/29 13:42:07 | 000,000,156 | ---- | C] () -- C:\WINDOWS\Kpcms.ini
[2004/08/17 16:56:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IPSK.dll
[2004/08/17 16:56:47 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jpg32.dll
[2004/08/17 16:56:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VWJPG.dll
[2004/08/17 16:56:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VMIO.dll
[2004/08/17 16:56:47 | 000,014,381 | ---- | C] () -- C:\WINDOWS\Tw504a.ini
[2004/08/17 16:56:47 | 000,001,906 | ---- | C] () -- C:\WINDOWS\CA504A.INI
[2004/08/17 16:56:47 | 000,000,473 | ---- | C] () -- C:\WINDOWS\System32\I-dext504.ini
[2004/08/17 16:56:47 | 000,000,467 | ---- | C] () -- C:\WINDOWS\System32\S-dext504.ini
[2004/08/17 16:56:47 | 000,000,464 | ---- | C] () -- C:\WINDOWS\System32\F-dext504.ini
[2004/08/17 16:56:47 | 000,000,458 | ---- | C] () -- C:\WINDOWS\System32\P-dext504.ini
[2004/08/17 16:56:47 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\G-dext504.ini
[2004/08/17 16:56:47 | 000,000,454 | ---- | C] () -- C:\WINDOWS\System32\H-dext504.ini
[2004/08/17 16:56:47 | 000,000,453 | ---- | C] () -- C:\WINDOWS\System32\E-dext504.ini
[2004/08/17 16:56:47 | 000,000,164 | ---- | C] () -- C:\WINDOWS\Setup504.ini
[2004/08/17 16:56:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VWBMP.dll
[2004/08/15 23:19:40 | 000,000,244 | ---- | C] () -- C:\WINDOWS\MPPAGER.INI
[2004/08/14 17:49:14 | 000,015,576 | R--- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
[2004/08/09 11:20:53 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
[2004/08/09 11:20:30 | 000,042,172 | ---- | C] () -- C:\WINDOWS\php.ini
[2004/07/31 11:08:59 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2004/07/31 11:04:01 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\sbaparam.dll
[2004/07/31 11:04:01 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\sbautils.dll
[2004/07/31 11:04:00 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\EmbeddedDX.dll
[2004/07/31 11:03:59 | 000,010,875 | ---- | C] () -- C:\WINDOWS\ESOA.INI
[2004/07/31 11:03:59 | 000,003,679 | ---- | C] () -- C:\WINDOWS\GrAddrBk.ini
[2004/07/31 11:03:59 | 000,001,433 | ---- | C] () -- C:\WINDOWS\WINPOINT.INI
[2004/07/31 11:03:59 | 000,000,995 | ---- | C] () -- C:\WINDOWS\GRACE.INI
[2004/07/31 11:03:59 | 000,000,255 | ---- | C] () -- C:\WINDOWS\GrAdr16.ini
[2004/07/31 11:03:59 | 000,000,053 | ---- | C] () -- C:\WINDOWS\PRSRVDLL.INI
[2004/07/27 16:26:50 | 000,000,062 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2004/07/20 21:45:55 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/07/20 11:48:04 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/07/17 21:19:14 | 000,000,829 | ---- | C] () -- C:\WINDOWS\SMVIEW.INI
[2004/07/17 18:14:13 | 000,000,512 | ---- | C] () -- C:\WINDOWS\photoprn.ini
[2004/07/17 18:13:32 | 000,000,021 | ---- | C] () -- C:\WINDOWS\xl_setup.ini
[2004/07/17 09:37:40 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2004/07/17 08:53:09 | 000,001,373 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2004/07/16 21:17:18 | 000,000,905 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/07/07 04:25:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/07/07 04:12:24 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/07/07 04:08:43 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/07/07 03:54:25 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/07 03:54:10 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/07/07 03:40:10 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/03/26 14:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/02/27 10:32:56 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\DSWndinet.dll
[2003/09/08 15:07:36 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hhsaid.dll
[1999/10/13 15:59:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\gns2kzip.dll
[1999/07/29 01:27:10 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 01:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1997/02/27 12:13:12 | 000,000,586 | ---- | C] () -- C:\WINDOWS\3DFAX.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23914
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on 23rd July 2010, 5:49 pm

Hi, Smile

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :OTL
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk = C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir (MyWebSearch.com)

    :commands
    [emptytemp]
    [resethosts]
    [reboot]


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56124
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on 23rd July 2010, 10:07 pm

All processes killed
========== OTL ==========
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk moved successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Guest User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Flash cache emptied: 982 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Marcel Huizing
->Temp folder emptied: 1460694 bytes
->Temporary Internet Files folder emptied: 163841097 bytes
->Java cache emptied: 36126761 bytes
->FireFox cache emptied: 35984473 bytes
->Flash cache emptied: 2103440 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 148483 bytes
%systemroot%\System32 .tmp files removed: 2952721 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33726 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 232.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.9.1 log created on 07232010_115658

Files\Folders moved on Reboot...
C:\Documents and Settings\Marcel Huizing\Local Settings\Temporary Internet Files\Content.IE5\PIAHH0V3\win32-nuqele-and-bankerfoxa-t22772-45[1].htm moved successfully.
C:\Documents and Settings\Marcel Huizing\Local Settings\Temporary Internet Files\Content.IE5\MHU5YX5L\win32-nuqele-and-bankerfoxa-t22772-30[1].htm moved successfully.

Registry entries deleted on Reboot...

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23914
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on 23rd July 2010, 10:27 pm

Hi, Smile

Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56124
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on 24th July 2010, 5:27 pm

OK, but after I accepted Terms and clicked Start a warning window popped up asking if it was OK to install "OnlineScanner.cab" from ESET? Should I say yes and then continue with install of ActiveX ?

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23914
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on 24th July 2010, 7:31 pm

Yes, please do that. Smile


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56124
# Likes # Likes : 0

View user profile

Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum