Win32/Nuqel.E and Bankerfox.A

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Thu Jul 22, 2010 2:21 am

Second part was too big.... so here is part 2... part 3 will follow

c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\n.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\nav_b_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\nav_bb_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\nav_f_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\nav_ff_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\pro_hb_fo_word.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\progress.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\sales_buttons.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\searchbtn.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\submit.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\tab_bg.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\tab_bga.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\tab_bgia.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\tab_l.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\tab_la.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\tab_lia.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\tab_r.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\tab_ra.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\tab_ria.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\tree_dots.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\tree_minus.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\tree_plus.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\treedata_animations.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\treedata_backgrounds.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\treedata_ecards.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\treedata_emoticons.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\treedata_notifiers.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\treedata_text.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\1\zango_btn.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\030104_emte10_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\030104_emte11_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\030104_emte12_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\030104_emte13_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\030104_emte14_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\030104_emte19_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\030104_emte20_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\030104_emte21_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\030104_emte9_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\030203lib_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102angel_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102bigluf_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102bigsmile_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102birthday_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102cheers_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102flo_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102good_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102jump_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102king_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102lough_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102luf_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102smile_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102smiled_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102sor_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102thanx_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\033102uhu_1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\040103ahh_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\040103wow_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\040104_emi2_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\042102_1134_112_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\050103big_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\050103gig_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\050103hm_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\050103nomail_emoti_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\050103norm_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\060104_ema15_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\060104_ema16_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\060104_ema17_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\060104_ema18_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\060104_ema19_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\060104_ema20_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\060104_ema21_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\060104_ema24_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\060104_ema25_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\060104_ema26_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\060104_ema30_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\060104_ema33_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\060104_ema34_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\062802hippi_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\062802jumpie_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\080402argh_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\080402oops_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\080402ouch_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\082502no_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\082502yes_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\110103_boring1_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\110103_confused_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\110103_crying_ugly_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\110103_fantastic_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\110103_feel_better_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\110103_gimme_break_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\110103_heehee_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\110103_hlopaet_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\110103_ign_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\110103_lol_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\110103_no_comment_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\110103_peace_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\110103_smashing_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\110103_talk2thehand_prv.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\block_sm.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\block_sm2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\block_smli.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\block_smli2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\blocked.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\blocked2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\btn_add-but.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\btn_back-but.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\btn_left_cut_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\btn_left_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\btn_left_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\btn_middle_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\btn_middle_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\btn_right_cut_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\btn_right_enabled_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\btn_right_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\business_promo.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\buttondir.txt
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\components.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\css_cattree.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\css_flashpreview.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\css2_main.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\css2_pagingmodule.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\css2_topbuttons.css
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\cursors.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\delete.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\edit_clear_sound.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\edit_fs.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\edit_select.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-511724-543450.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-511724-548964.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-511724-589306.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-511724-591943.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-511724-592579.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-511724-598579.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-511724-603763.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-511724-9595.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-511724-9696.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-511745-514279.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-backgrounds.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-bcards.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-ecards.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-emoticons.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-estationery.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-funny.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-help.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-images.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-info.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-more.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-my.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-new.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-new2.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-options.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-people.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-photo.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-tell.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-temp.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-text.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-voice.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-def.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-premium-email-premium.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-t1-bg.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\email-temp-bg.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\estatationery.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\flashpatch.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\flashpreview.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\fs3.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\hotbar_promo.htm
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\icon_checked_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\icon_close_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\icon_close_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\icon_edit_preview.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\icon_edit_send.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\icon_flash_preview.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\icon_recently_used.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\icon_remove_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\icon_remove_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\icon_sand-clock2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\icon_tell_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\icon_tell_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\icon_tree_null.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\icon_unchecked_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\icon_unchecked_pressed_1.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\img_barlayout.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\img_barlayout2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\img_barlayout4.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\img_corner_left.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\img_local_logo.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\js2_basetemplate.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\js2_hbgroups.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\js2_hbobject3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\js2_hbobjectset3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\js2_hotbarwrapper.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\js2_iteratorsandreaders3nf.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\js2_pagingmoduleobj3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\js2_texts3.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\js2_xmltree3nf.js
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\layout.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\linkpathlegal.txt
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\n.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\nav_b_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\nav_bb_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\nav_f_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\nav_ff_2.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\pro_hb_fo_word.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\progress.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\sales_buttons.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\searchbtn.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\submit.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\tab_bg.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\tab_bga.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\tab_bgia.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\tab_l.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\tab_la.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\tab_lia.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\tab_r.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\tab_ra.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\tab_ria.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\tree_dots.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\tree_minus.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\tree_plus.gif
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\treedata_animations.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\treedata_backgrounds.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\treedata_ecards.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\treedata_emoticons.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\treedata_notifiers.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\treedata_text.xml
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\2\zango_btn.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\business_promo.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\buttondir.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\code.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\cursors.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\email-def.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\email-t1-bg.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\email-temp-bg.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\hotbar_promo.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\images.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\layout.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\linkpathlegal.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\localcontent.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\pro_hb_fo_word.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\progress.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\sales_buttons.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\treexml.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\HostOL\static\DownLoad\zango_btn.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\1.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\1056008.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\1065005.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\1401532.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\1406946.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\175641.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\2208948.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\2590073.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\2881352.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\2883915.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\3340762.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\3699090.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\3869590.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\420374.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\600583.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\641182.sdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\domains.txt
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000031138
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\11213
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\116977
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\14207
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1491
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\15541
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\162365
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1670
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\17025
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\17147
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\17957
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\17987
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\18019
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\180320
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\18906
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\20106
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\20128
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\202699
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\20299
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\218419
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\21846
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\231028
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\23923
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\23928
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\241998
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\246310
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\257023
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\26213
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\27503
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\277907
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\278984
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\279564
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\286256
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\29115
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32456
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\3338
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\33761
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34174
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\342303
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34267
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\35804
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\36247
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\371665
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\39245
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\403305
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\41243
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\42208
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\42425
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\427148
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44228
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44300
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44588
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44789
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\459052
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\459338
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\46021
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\47371
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\475788
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\4765
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\517763
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\52335
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\533670
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\54979
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\58804
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\61167
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\61194
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\6292
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\6428
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\64434
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\64467
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\64495
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\67469
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\67564
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\68094
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\70449
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\70652
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\72807
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\742100
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\74398
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744211
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744260
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744832
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745017
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745304
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\748397
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\749325
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\75089
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\751230
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\751231
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753197
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753198
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753199
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753309
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753334
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753340
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79246
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79432
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79824
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79972
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\81293
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93899
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\95777
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\95873
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\97964
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\dynamic\ustat\3631.dat
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\btntrans.idx
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\btntrans1.dat
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\buttondir.txt
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\components.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\cursors.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_1000.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_2000.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_3000.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bar.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bbar1.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_logos.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_other.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\d_icons_weather.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\default.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_511745-514279.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-ca.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-us.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_categorize.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_comparison.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-Mails.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-people.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_favorites.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_Games.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_Hide.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_hotbarcom.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_Hotmail.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_hsskin.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_jemster.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_jemsterie.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_jemsteruk.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_jobsearch.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_Mails.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_MobileSidewalk.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_new.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_premium.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_reun.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_ringtones.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_SearchBoxTrapper.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_searchfor.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_searchgo.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_weather.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Default_yellowpages.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-548964.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-9595.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\email-t1-bg.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\icons2.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\ie_games_icon.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\ie_video.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\keywords.idx
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\keywords1.dat
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\layout.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\linkpathlegal.txt
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\progress.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\s_icons_buttons.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\sales_buttons.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\t2_bg.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\theweb.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\top7.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\Top7_theweb.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\tsd_bg.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\zango_btn.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\1\zango_ie_menu.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\btntrans.idx
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\btntrans1.dat
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\buttondir.txt
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\components.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\cursors.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_1000.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_2000.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_3000.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_bar.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_bbar1.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_logos.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_other.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\d_icons_weather.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\default.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_511745-514279.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_bidzC_ZT_IE-ca.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_bidzC_ZT_IE-us.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_categorize.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_comparison.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_explorer-Mails.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_explorer-people.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_favorites.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_Games.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_Hide.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_hotbarcom.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_Hotmail.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_hsskin.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_jemster.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_jemsterie.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_jemsteruk.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_jobsearch.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_Mails.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_MobileSidewalk.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_new.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_premium.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_reun.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_ringtones.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_SearchBoxTrapper.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_searchfor.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_searchgo.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_weather.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Default_yellowpages.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\email-def-511724-548964.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\email-def-511724-9595.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\email-t1-bg.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\icons2.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\ie_games_icon.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\ie_video.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\keywords.idx
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\keywords1.dat
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\layout.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\linkpathlegal.txt
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\progress.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\s_icons_buttons.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\sales_buttons.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\t2_bg.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\theweb.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\top7.cdf
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\Top7_theweb.mnu
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\tsd_bg.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\zango_btn.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\2\zango_ie_menu.res
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans1.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\buttondir.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_1000.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_2000.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_3000.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bar.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bbar1.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_logos.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_other.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\default.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\icons2.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords1.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\linkpathlegal.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\progress.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.txt
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\top7.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.xip
c:\documents and settings\Marcel Huizing\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_ie_menu.xip
c:\documents and settings\Marcel Huizing\Local Settings\Application Data\ivmiwvsjd\wwvqpootssd.exe
c:\documents and settings\Marcel Huizing\System\win_qs7.jqx
c:\program files\A360\av360.exe.tmp
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\MySignatureInsertBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\MySignatureInsertBtn.html
c:\program files\FunWebProducts\Shared\Cache\MySignaturePreviewBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\MySignaturePreviewBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23874
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Thu Jul 22, 2010 2:22 am

Part 3 of log.txt

c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\Cache\0026D8F2
c:\program files\MyWebSearch\bar\Cache\04FE3252
c:\program files\MyWebSearch\bar\Cache\067D80F8
c:\program files\MyWebSearch\bar\Cache\0C962E99.bin
c:\program files\MyWebSearch\bar\Cache\0CD2545E.bin
c:\program files\MyWebSearch\bar\Cache\1DEAD5ED.bin
c:\program files\MyWebSearch\bar\Cache\1DEAD800.bin
c:\program files\MyWebSearch\bar\Cache\1DEAD9D5.bin
c:\program files\MyWebSearch\bar\Cache\1DEBB0FB.bin
c:\program files\MyWebSearch\bar\Cache\1DEBB30E.bin
c:\program files\MyWebSearch\bar\Cache\1F30601F.bin
c:\program files\MyWebSearch\bar\Cache\1F306232.bin
c:\program files\MyWebSearch\bar\Cache\1F306436.bin
c:\program files\MyWebSearch\bar\Cache\219E4C86
c:\program files\MyWebSearch\bar\Cache\33DE8322
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search
c:\program files\MyWebSearch\bar\Settings\prevcfg.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\MyWebSearch\bar\Settings\settings.htm
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\Thumbs.db
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.8.inf
c:\windows\My.ini
c:\windows\system\IMPLODE.DLL
c:\windows\system32\bszip.dll
c:\windows\system32\drivers\fad.sys
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\Ijl11.dll
c:\windows\system32\Thumbs.db
c:\windows\xpsp1hfm.log

Infected copy of c:\windows\system32\drivers\FTDISK.SYS was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-06-21 to 2010-07-21 )))))))))))))))))))))))))))))))
.

2010-07-17 02:48 . 2010-07-17 02:48 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-07-17 02:27 . 2010-02-05 16:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-07-17 02:27 . 2010-03-29 17:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-17 02:27 . 2009-11-23 20:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-07-17 02:27 . 2010-04-08 21:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-17 02:26 . 2010-07-17 02:27 -------- d-----w- c:\program files\Spyware Doctor
2010-07-17 02:26 . 2010-07-17 02:27 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-17 02:26 . 2010-07-17 02:26 -------- d-----w- c:\documents and settings\Marcel Huizing\Application Data\PC Tools
2010-07-17 02:26 . 2010-07-17 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-07-17 02:24 . 2010-07-20 22:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-14 03:16 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-06 20:59 . 2010-07-06 20:59 -------- d-----w- C:\Course Technology
2010-07-06 17:29 . 2010-07-06 17:29 -------- d-----w- c:\documents and settings\Marcel Huizing\Local Settings\Application Data\PCHealth
2010-06-29 16:30 . 2010-06-30 10:09 -------- d-----w- c:\program files\Microsoft Works
2010-06-29 16:29 . 2010-06-29 16:29 -------- d-----w- c:\program files\MSBuild
2010-06-29 16:26 . 2010-06-29 16:26 -------- d-----w- c:\program files\Microsoft.NET
2010-06-29 16:19 . 2010-06-29 16:19 -------- d-----r- C:\MSOCache
2010-06-23 10:18 . 2010-06-23 10:18 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 19:31 . 2009-09-25 08:16 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-20 22:03 . 2004-07-07 11:20 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-20 15:09 . 2004-07-13 21:54 158088 ----a-w- c:\documents and settings\Marcel Huizing\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-19 07:57 . 2009-03-20 16:15 -------- d-----w- c:\program files\PremierOpinion
2010-07-14 10:04 . 2010-06-21 16:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-13 10:07 . 2006-01-22 20:03 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-07-09 07:16 . 2005-11-15 02:35 158088 ----a-w- c:\documents and settings\Guest User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-01 20:45 . 2005-07-03 02:17 284 ----a-w- c:\documents and settings\Marcel Huizing\Application Data\ViewerApp.dat
2010-06-21 17:00 . 2008-12-17 20:13 -------- d-----w- c:\documents and settings\Marcel Huizing\Application Data\Smilebox
2010-06-21 16:05 . 2010-06-21 16:04 -------- d-----w- c:\documents and settings\Marcel Huizing\Application Data\Nero
2010-06-20 10:02 . 2010-06-20 10:02 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-06-20 10:02 . 2010-06-20 10:02 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-06-19 17:47 . 2010-06-19 17:47 -------- d-----w- c:\program files\NETGEAR
2010-06-19 17:47 . 2004-07-07 11:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-14 14:31 . 2002-08-29 10:00 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-11 23:51 . 2010-06-11 23:51 3055600 ----a-w- c:\documents and settings\Marcel Huizing\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 23:36 . 2010-06-11 23:36 275952 ----a-w- c:\documents and settings\Marcel Huizing\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-06-07 17:23 . 2010-06-07 17:03 -------- d-----w- c:\program files\Common Files\Nero
2010-06-07 17:14 . 2010-06-07 17:04 -------- d-----w- c:\program files\Nero
2010-06-07 17:07 . 2010-06-07 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-06-07 17:00 . 2010-06-07 17:00 -------- d-----w- c:\program files\Common Files\LightScribe
2010-05-06 10:41 . 2004-02-06 23:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2002-08-29 10:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2003-05-01 08:01 . 2003-05-01 08:01 49664 -c--a-w- c:\program files\swfdecomp.exe
2003-08-25 21:06 . 2005-04-04 06:54 40960 ----a-w- c:\program files\internet explorer\plugins\ftdwser.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2004-07-01 95344]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"SmileboxTray"="c:\documents and settings\Marcel Huizing\Application Data\Smilebox\SmileboxTray.exe" [2008-11-26 254600]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Google Update"="c:\documents and settings\Marcel Huizing\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-11 133104]
"cdloader"="c:\documents and settings\Marcel Huizing\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2003-11-10 70816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2005-03-15 53248]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"WTIndicator"="c:\program files\WinTask\Bin\SchedInd.exe" [2009-04-30 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-05-11 1287120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe [2006-10-7 43520]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
Billminder.lnk - c:\program files\QUICKENW\BILLMIND.EXE [2004-11-8 36864]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
MA111 Configuration Utility.lnk - c:\program files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe [2010-6-19 1158144]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 3\\Dreamweaver.exe"=
"c:\\Documents and Settings\\Marcel Huizing\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Marcel Huizing\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\Marcel Huizing\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\program files\\premieropinion\\pmropn.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [7/16/2010 7:27 PM 218592]
S2 Ca504av;Mega Camera, WDM Video Capture;c:\windows\SYSTEM32\DRIVERS\CA504AV.SYS [8/17/2004 4:56 PM 516149]
S2 WTScheduler;WTScheduler;c:\program files\WinTask\Bin\SchedSrv.exe [4/30/2009 4:02 PM 159744]
S3 PLTurbh;Prolific turbo filter driver for hdd;c:\windows\system32\drivers\plturbh.sys --> c:\windows\system32\drivers\plturbh.sys [?]
S3 PLTurbo;Prolific turbo filter driver for odd;c:\windows\system32\drivers\plturbo.sys --> c:\windows\system32\drivers\plturbo.sys [?]
S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\SYSTEM32\DRIVERS\tj2kunic.sys [12/20/2004 7:59 PM 69680]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\SYSTEM32\DRIVERS\usbbc.sys [8/14/2004 5:49 PM 15576]
S3 WlanUIB;NETGEAR 802.11b USB Driver;c:\windows\SYSTEM32\DRIVERS\MA111nd5.sys [6/19/2010 10:47 AM 666624]
S3 XIRLINK;Dsc Pro Digital 640 Camera;c:\windows\SYSTEM32\DRIVERS\C-itNT.sys [7/17/2004 6:13 PM 447245]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 20:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2260793998-1752009068-3399909089-1007Core.job
- c:\documents and settings\Marcel Huizing\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-11 22:38]

2010-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2260793998-1752009068-3399909089-1007UA.job
- c:\documents and settings\Marcel Huizing\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-11 22:38]

2008-12-11 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-07 23:38]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Yahoo! Search - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsms.htm
IE: {{9239E4EC-C9A6-11D2-A844-00C04F68D538}
FF - ProfilePath - c:\documents and settings\Marcel Huizing\Application Data\Mozilla\Firefox\Profiles\7d43qube.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\PremierOpinion\components\pmxg.dll
FF - plugin: c:\documents and settings\Marcel Huizing\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Marcel Huizing\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Marcel Huizing\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: PremierOpinion: {6E19037A-12E3-4295-8915-ED48BC341614} - c:\program files\PremierOpinion

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
.scr=AutoCADscriptFile
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-fpdodipa - c:\documents and settings\Marcel Huizing\Local Settings\Application Data\ivmiwvsjd\wwvqpootssd.exe
HKU-Default-Run-fpdodipa - c:\documents and settings\Marcel Huizing\Local Settings\Application Data\ivmiwvsjd\wwvqpootssd.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-21 12:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/mysql/bin/mysqld-nt.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/mysql/bin/mysqld-nt.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\l3codeca.acm
c:\program files\PremierOpinion\pmls.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-07-21 12:55:54
ComboFix-quarantined-files.txt 2010-07-21 19:55

Pre-Run: 34,005,061,632 bytes free
Post-Run: 36,158,152,704 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 6C2162F0D7EE6031C07FCBBC0893CE4F

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23874
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Thu Jul 22, 2010 2:23 am

Can I close the log.txt window? What do I do next?


marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23874
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on Thu Jul 22, 2010 3:53 am

Hi, Smile

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Folder::
    c:\program files\PremierOpinion

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5643

    Firefox::
    FF - ProfilePath - c:\documents and settings\Marcel Huizing\Application Data\Mozilla\Firefox\Profiles\7d43qube.default\
    FF - HiddenExtension: PremierOpinion: {6E19037A-12E3-4295-8915-ED48BC341614} - c:\program files\PremierOpinion

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56084
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Thu Jul 22, 2010 6:09 am

I don't want to make any errors and being an engineer I will execute your directions EXACTLY how you tell me... step by step!
Remember I renamed the Combofix.exe file to commy.exe as you directed and moved it to my Desktop.... can I use the commy file for these next steps or should I use the original Combofix.exe file?
Also, after step 5 should I execute the exe file or does the dragging of the script file into the exe file actually create the Combofix.txt file?

Thank you for your patience...

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23874
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on Thu Jul 22, 2010 6:16 am

Hi, Smile

Please drag CFScript.txt onto Commy.exe be sure that it is on your desktop and it will start.

I think that should answer your questions. Smile


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56084
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Thu Jul 22, 2010 8:20 am

I ran it best I could...... when I dragged the txt file into the Combofix file it started running the Combofix program again... after finishing it rebooted on its own and when I logged in it opened a window which said:
"Preparing Log Report
Do not run any........ finished"

Then a window popped open saying:
"Windows can not open this file:
File: MWSOEMON.exe.vir....."
and continues by asking if I ...
What do you want to do?
O .... Use web services to find progran to run this
O .... Select a program from a list

What is this and what do I do?

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23874
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Thu Jul 22, 2010 8:40 am

Log.txt ......part-1

ComboFix 10-07-21.02 - Marcel Huizing 07/22/2010 0:41.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.504 [GMT -7:00]
Running from: H:\ComboFix.exe
Command switches used :: c:\documents and settings\Marcel Huizing\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\PremierOpinion
c:\program files\PremierOpinion\components\pmxg.dll
c:\program files\PremierOpinion\install.rdf
c:\program files\PremierOpinion\msvcp71.dll
c:\program files\PremierOpinion\msvcr71.dll
c:\program files\PremierOpinion\pmls.dll
c:\program files\PremierOpinion\pmls64.dll
c:\program files\PremierOpinion\pmoci.bin
c:\program files\PremierOpinion\pmph.dll
c:\program files\PremierOpinion\pmropn.exe
c:\program files\PremierOpinion\pmropn64.exe
c:\program files\PremierOpinion\pmservice.exe
c:\program files\PremierOpinion\pmxf.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-22 to 2010-07-22 )))))))))))))))))))))))))))))))
.

2010-07-17 02:48 . 2010-07-17 02:48 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-07-17 02:27 . 2010-02-05 16:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-07-17 02:27 . 2010-03-29 17:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-17 02:27 . 2009-11-23 20:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-07-17 02:27 . 2010-04-08 21:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-17 02:26 . 2010-07-17 02:27 -------- d-----w- c:\program files\Spyware Doctor
2010-07-17 02:26 . 2010-07-17 02:27 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-17 02:26 . 2010-07-17 02:26 -------- d-----w- c:\documents and settings\Marcel Huizing\Application Data\PC Tools
2010-07-17 02:26 . 2010-07-17 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-07-17 02:24 . 2010-07-22 08:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-14 03:16 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-06 20:59 . 2010-07-06 20:59 -------- d-----w- C:\Course Technology
2010-07-06 17:29 . 2010-07-06 17:29 -------- d-----w- c:\documents and settings\Marcel Huizing\Local Settings\Application Data\PCHealth
2010-06-29 16:30 . 2010-06-30 10:09 -------- d-----w- c:\program files\Microsoft Works
2010-06-29 16:29 . 2010-06-29 16:29 -------- d-----w- c:\program files\MSBuild
2010-06-29 16:26 . 2010-06-29 16:26 -------- d-----w- c:\program files\Microsoft.NET
2010-06-29 16:19 . 2010-06-29 16:19 -------- d-----r- C:\MSOCache
2010-06-23 10:18 . 2010-06-23 10:18 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-22 08:14 . 2004-07-07 11:20 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-21 19:31 . 2009-09-25 08:16 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-20 15:09 . 2004-07-13 21:54 158088 ----a-w- c:\documents and settings\Marcel Huizing\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-14 10:04 . 2010-06-21 16:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-13 10:07 . 2006-01-22 20:03 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-07-09 07:16 . 2005-11-15 02:35 158088 ----a-w- c:\documents and settings\Guest User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-01 20:45 . 2005-07-03 02:17 284 ----a-w- c:\documents and settings\Marcel Huizing\Application Data\ViewerApp.dat
2010-06-21 17:00 . 2008-12-17 20:13 -------- d-----w- c:\documents and settings\Marcel Huizing\Application Data\Smilebox
2010-06-21 16:05 . 2010-06-21 16:04 -------- d-----w- c:\documents and settings\Marcel Huizing\Application Data\Nero
2010-06-20 10:02 . 2010-06-20 10:02 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-06-20 10:02 . 2010-06-20 10:02 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-06-19 17:47 . 2010-06-19 17:47 -------- d-----w- c:\program files\NETGEAR
2010-06-19 17:47 . 2004-07-07 11:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-07 17:23 . 2010-06-07 17:03 -------- d-----w- c:\program files\Common Files\Nero
2010-06-07 17:14 . 2010-06-07 17:04 -------- d-----w- c:\program files\Nero
2010-06-07 17:07 . 2010-06-07 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-06-07 17:00 . 2010-06-07 17:00 -------- d-----w- c:\program files\Common Files\LightScribe
2010-05-06 10:41 . 2004-02-06 23:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2002-08-29 10:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2003-05-01 08:01 . 2003-05-01 08:01 49664 -c--a-w- c:\program files\swfdecomp.exe
2003-08-25 21:06 . 2005-04-04 06:54 40960 ----a-w- c:\program files\internet explorer\plugins\ftdwser.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2004-07-01 95344]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"SmileboxTray"="c:\documents and settings\Marcel Huizing\Application Data\Smilebox\SmileboxTray.exe" [2008-11-26 254600]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Google Update"="c:\documents and settings\Marcel Huizing\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-11 133104]
"cdloader"="c:\documents and settings\Marcel Huizing\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2003-11-10 70816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2005-03-15 53248]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"WTIndicator"="c:\program files\WinTask\Bin\SchedInd.exe" [2009-04-30 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-05-11 1287120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe [2006-10-7 43520]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
Billminder.lnk - c:\program files\QUICKENW\BILLMIND.EXE [2004-11-8 36864]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
MA111 Configuration Utility.lnk - c:\program files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe [2010-6-19 1158144]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
MyWebSearch Email Plugin.lnk - c:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir [2004-11-9 28672]
NaturalColorLoad.lnk - c:\program files\SEC\Natural Color\NaturalColorLoad.exe [2005-3-11 155715]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-4-14 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-4-14 106496]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-2-23 806912]
Quicken Startup.lnk - c:\program files\QUICKENW\QWDLLS.EXE [2004-11-8 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 3\\Dreamweaver.exe"=
"c:\\Documents and Settings\\Marcel Huizing\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Marcel Huizing\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\Marcel Huizing\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [7/16/2010 7:27 PM 218592]
S2 Ca504av;Mega Camera, WDM Video Capture;c:\windows\SYSTEM32\DRIVERS\CA504AV.SYS [8/17/2004 4:56 PM 516149]
S2 WTScheduler;WTScheduler;c:\program files\WinTask\Bin\SchedSrv.exe [4/30/2009 4:02 PM 159744]
S3 PLTurbh;Prolific turbo filter driver for hdd;c:\windows\system32\drivers\plturbh.sys --> c:\windows\system32\drivers\plturbh.sys [?]
S3 PLTurbo;Prolific turbo filter driver for odd;c:\windows\system32\drivers\plturbo.sys --> c:\windows\system32\drivers\plturbo.sys [?]
S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\SYSTEM32\DRIVERS\tj2kunic.sys [12/20/2004 7:59 PM 69680]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\SYSTEM32\DRIVERS\usbbc.sys [8/14/2004 5:49 PM 15576]
S3 WlanUIB;NETGEAR 802.11b USB Driver;c:\windows\SYSTEM32\DRIVERS\MA111nd5.sys [6/19/2010 10:47 AM 666624]
S3 XIRLINK;Dsc Pro Digital 640 Camera;c:\windows\SYSTEM32\DRIVERS\C-itNT.sys [7/17/2004 6:13 PM 447245]

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23874
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Thu Jul 22, 2010 8:41 am

log.txt........part 2

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 20:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2260793998-1752009068-3399909089-1007Core.job
- c:\documents and settings\Marcel Huizing\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-11 22:38]

2010-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2260793998-1752009068-3399909089-1007UA.job
- c:\documents and settings\Marcel Huizing\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-11 22:38]

2008-12-11 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-07 23:38]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Yahoo! Search - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsms.htm
IE: {{9239E4EC-C9A6-11D2-A844-00C04F68D538}
FF - ProfilePath - c:\documents and settings\Marcel Huizing\Application Data\Mozilla\Firefox\Profiles\7d43qube.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Marcel Huizing\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Marcel Huizing\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Marcel Huizing\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PremierOpinion - c:\program files\PremierOpinion\pmropn.exe
AddRemove-{eeb86aef-4a5d-4b75-9d74-f16d438fc286} - c:\program files\PremierOpinion\pmropn.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-22 01:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/mysql/bin/mysqld-nt.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/mysql/bin/mysqld-nt.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\l3codeca.acm

- - - - - - - > 'explorer.exe'(3508)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\SYMANT~1\ANTISPAM\asOEHook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\rundll32.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\program files\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 2010-07-22 01:26:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-22 08:26
ComboFix2.txt 2010-07-21 19:55

Pre-Run: 36,180,717,568 bytes free
Post-Run: 36,154,032,128 bytes free

- - End Of File - - C1E156B1E73A3DF638566F6F70A75941

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23874
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on Thu Jul 22, 2010 7:29 pm

Hi, Smile

That pop-up is part of MyWebSearch hence the MWS file name, we will rid of it. Right On!

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56084
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Thu Jul 22, 2010 10:36 pm

When I click on your link I get to a page that contains this:

Download Now (5.87MB)
or Smart Install
Tested spyware free

When I click on the Download link I get a new page with many links for all kinds of anti virus stuff and more..... Cna you tell me which lick I am supposed to click.... sorry for my concern, but these virusses have really cautioned me... thanks again.

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23874
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on Thu Jul 22, 2010 11:19 pm

Hi, Smile

Click on the big green button that says 'Download Now' that is the correct one.


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56084
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Fri Jul 23, 2010 12:02 am

Yes, that is the one that takes me to the pge with too many options.... what then?

Thank you

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23874
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Fri Jul 23, 2010 12:05 am

This is what comes up in the main part of the page:

Your download will begin in a moment...
Next, keep Malwarebytes Anti-Malware and all your software up-to-date with CNET TechTracker, a free application from CNET. No download? Check for your browser's security bar at the top of the page. Need more help? Visit the Download Help Center. Want to be notified when Malwarebytes Anti-Malware is updated?

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23874
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Fri Jul 23, 2010 12:06 am

This is the address of that page:

[You must be registered and logged in to see this link.]

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23874
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Fri Jul 23, 2010 12:08 am

Then it went to this page automatically:

[You must be registered and logged in to see this link.]

Do I have to purchase something?

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23874
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on Fri Jul 23, 2010 5:09 am

Hi, Smile

Please use this link: [You must be registered and logged in to see this link.]


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56084
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Fri Jul 23, 2010 6:13 am

First.... the popup window regarding the MWSOEMON.EXE.vir options pops up at startup still.. Do I need to do something with it? Sofar I have just closed the window every time....

Here is the mbam-log:

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4340

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/22/2010 10:52:06 PM
mbam-log-2010-07-22 (22-52-06).txt

Scan type: Quick scan
Objects scanned: 155893
Time elapsed: 14 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 85
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\zango.desktopflash (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zango.desktopflash.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{00b77587-be1b-4201-b8e9-09fcf50ab771} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{067c6a37-72ea-4437-863a-5be20c246f3c} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1230cf51-6bc4-4a23-b3f1-c7cf0afed619} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1985fce1-4043-4346-ae70-d0a0cd90bdd3} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1a2af056-1fe1-47ca-993d-5d09d18e674e} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2b81f920-6660-4f76-93bf-b1c67bf5d1a0} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e623b96-b166-4c70-8169-820761794299} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{34e29700-0d13-46aa-b9a5-ace68e21a091} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3661af2d-c27b-499c-9bcf-66c8502a3806} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3f0915b8-b238-4c2d-ad1e-60db1e14d27a} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{49155dae-c471-40fa-98ee-b2b3cad115ce} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4d783385-0dda-4188-a529-c97dc3d67cbd} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e8b851b-05b0-4baf-b24d-d0dfe88dded3} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{50c3e2b3-4fd7-4cb9-91f9-641a6e6b3689} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5a4737a8-b92a-4e54-970e-c2891d98ce3f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{62b0b239-f9ac-4a5b-bfae-62c7a23f7627} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e10479b-31e8-4a3b-81b1-ddaf39097f19} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{726f0ab9-b842-4ae4-90c7-230e233e6a99} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{99123ac9-7dda-4c82-b252-44c2804bf392} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ace99e77-aa2a-43c2-8c9d-caf2020fdf2b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b247f5bf-bd9d-4ecd-8fc1-365f36a1fda1} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b9cc2b92-5611-453f-8381-8b6f72d9c0b8} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbbfb891-98ae-4678-86f3-bd5a2eed86c9} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c4543e64-1498-410d-8e72-4744eea99ab9} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e0fb1610-b25b-49f6-be20-751b2f230e6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e420a65f-9984-4b8c-9fa9-1ed69d3b0a13} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ea58c2ea-be26-49dd-9b9a-c8e4e5ca7791} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fca28ac5-c1e1-4d67-a5ae-c44d6c374d9f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{dbf00e12-281c-4dc8-a7ec-1ff45182439b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e5b2693-d348-4ca7-8364-4f5e51bf9c6d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2e54ac53-efa4-4831-a3f6-b47b1a1937cf} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5b2e150d-4c8a-40e4-8c36-dd9c02771c67} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{627d894a-8a77-416e-b522-432eaf2c818e} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7138f250-5b72-48dd-adfb-9a83b429dd9e} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8971cb48-9fca-445a-be77-e8e8a4cc9df7} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b88e4484-3ff6-4ea9-815b-a54fe20d4387} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bd937ffe-0352-4fde-88f2-c30d1a9b25cf} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf1bf02c-5a86-4ecf-adac-472c54c4d21e} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bfc08cff-c737-4433-bd5a-0ee7efcfee54} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d2221ccb-f2bb-4858-aad4-57c754153603} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ea0b6a1a-6a59-4a58-9c41-9966504898a5} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{08755390-f46d-4d09-968c-3430166b3189} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0923208c-e259-4ed5-a778-cb607da350ad} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9720de03-5820-4059-b4a4-639d5e52bd09} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ad71e48f-6f47-4b63-9312-fae879541c4d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c23fa5a4-1fea-419f-8b14-f7465df062bc} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ccc6e232-aa4c-4813-a019-9c14b27776b6} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{dd1cb2d7-161d-4b84-ae5c-08d3faed894f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\9ee2330ae5f4470cac801baac83818c9 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a072ec12-a40b-41dd-9a1a-cdb848b70f3c} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bd937ffe-0352-4fde-88f2-c30d1a9b25cf} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1e5b2693-d348-4ca7-8364-4f5e51bf9c6d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2e54ac53-efa4-4831-a3f6-b47b1a1937cf} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{bd937ffe-0352-4fde-88f2-c30d1a9b25cf} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ZangoSA_df.exe (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\zango@zango.com (Adware.Zango) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Guest User\Application Data\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest User\Application Data\Smart-Shopper\cs (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest User\Application Data\Smart-Shopper\cs\db (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest User\Application Data\Smart-Shopper\cs\dwld (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest User\Application Data\Smart-Shopper\cs\report (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest User\Application Data\Smart-Shopper\cs\res2 (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\PremierOpinion (Adware.PremierOpinion) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Guest User\Application Data\Smart-Shopper\cs\Config.xml (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest User\Application Data\Smart-Shopper\cs\db\Aliases.dbs (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest User\Application Data\Smart-Shopper\cs\db\Sites.dbs (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest User\Application Data\Smart-Shopper\cs\dwld\Phishinglist.xip (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest User\Application Data\Smart-Shopper\cs\dwld\WhiteList.xip (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest User\Application Data\Smart-Shopper\cs\report\aggr_storage.xml (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest User\Application Data\Smart-Shopper\cs\report\send_storage.xml (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest User\Application Data\Smart-Shopper\cs\res2\WhiteList.dbs (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\PremierOpinion\About PremierOpinion.lnk (Adware.PremierOpinion) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\PremierOpinion\Privacy Policy and User License Agreement.lnk (Adware.PremierOpinion) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\PremierOpinion\Support.lnk (Adware.PremierOpinion) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\PremierOpinion\Uninstall Instructions.lnk (Adware.PremierOpinion) -> Quarantined and deleted successfully.

Am I done now and cean again?
Is what I have downloaded from Malwarebytes something I should have running all the time to protect myself, or do you recommend something else...... anything free would be appreciated as I am not working at this time...
Thank you again!!!

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23874
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on Fri Jul 23, 2010 6:42 am

Hi, Smile

Could you please run OTL again. Right On!


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56084
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Fri Jul 23, 2010 8:37 am

I only ran the Scan in OTL.exe...... Here is the OTL.log..... what next?

OTL.log:

OTL logfile created on: 7/23/2010 1:26:03 AM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = H:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 556.00 Mb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 33.74 Gb Free Space | 45.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 95.78 Mb Total Space | 55.06 Mb Free Space | 57.49% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: D1N8R751
Current User Name: Marcel Huizing
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/18 21:00:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/30 16:00:58 | 000,053,248 | ---- | M] () -- C:\Program Files\WinTask\Bin\SchedInd.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2005/11/15 19:44:14 | 001,200,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2005/11/15 19:42:22 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2005/06/06 23:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2004/09/29 10:28:36 | 001,158,144 | ---- | M] () -- C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
PRC - [2004/07/08 16:13:42 | 000,106,496 | ---- | M] (Sony Corporation.) -- C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
PRC - [2004/06/03 01:51:27 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\type32.exe
PRC - [2004/06/03 01:50:07 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
PRC - [2004/04/23 11:04:18 | 000,158,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
PRC - [2004/01/27 19:06:54 | 000,218,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
PRC - [2003/11/21 21:02:42 | 000,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
PRC - [2003/11/10 13:30:12 | 000,234,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
PRC - [2003/11/10 13:30:04 | 000,255,136 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
PRC - [2003/11/10 13:30:02 | 000,070,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
PRC - [2002/04/12 14:39:24 | 000,155,715 | ---- | M] () -- C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
PRC - [2002/01/10 11:44:28 | 000,036,864 | ---- | M] (Intuit) -- C:\Program Files\QUICKENW\QWDLLS.EXE
PRC - [1999/03/12 08:07:38 | 000,043,520 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe


========== Modules (SafeList) ==========

MOD - [2010/07/18 21:00:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
MOD - [2004/03/10 11:42:44 | 000,197,760 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Antispam\ASOEHOOK.DLL
MOD - [2003/11/21 14:05:02 | 000,344,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msvcr70.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\mysql\bin\mysqld-nt.exe -- (MySql)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/04/30 16:02:52 | 000,159,744 | ---- | M] () [Auto | Stopped] -- C:\Program Files\WinTask\Bin\SchedSrv.exe -- (WTScheduler)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/09/15 10:01:39 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2004/06/29 16:14:38 | 000,193,760 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/04/23 11:04:18 | 000,158,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2004/01/27 19:06:54 | 000,218,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2003/12/04 18:22:30 | 000,193,816 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVSCAN.EXE -- (SAVScan)
SRV - [2003/11/10 13:30:12 | 000,234,656 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2003/11/10 13:30:10 | 000,087,200 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2003/11/10 13:30:04 | 000,255,136 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2003/06/24 16:23:10 | 000,066,784 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\script Blocking\SBServ.exe -- (SBService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\plturbo.sys -- (PLTurbo)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\plturbh.sys -- (PLTurbh)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nuidfltr.sys -- (NuidFltr)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/09/29 10:28:38 | 000,666,624 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MA111nd5.sys -- (WlanUIB)
DRV - [2004/09/29 10:28:38 | 000,666,624 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MA111nd5.sys -- (WLAN_USB)
DRV - [2004/09/29 10:28:36 | 000,016,292 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2004/09/01 01:00:00 | 000,617,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040901.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2004/09/01 01:00:00 | 000,068,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040901.016\NAVENG.SYS -- (NAVENG)
DRV - [2004/08/03 22:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/03 22:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 22:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/07/07 04:13:22 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/07/01 23:23:26 | 000,170,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS -- (SYMIDSCO)
DRV - [2004/06/29 16:13:52 | 000,263,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2004/06/29 16:13:46 | 000,016,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2004/06/29 16:13:42 | 000,046,528 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2004/06/29 16:13:40 | 000,166,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2004/06/29 16:13:40 | 000,051,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2004/06/29 16:13:34 | 000,011,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2004/03/14 23:04:00 | 000,100,597 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/03/14 23:04:00 | 000,098,580 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/03/14 23:04:00 | 000,085,972 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/03/14 23:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/03/14 23:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/03/14 23:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/03/14 23:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/03/14 23:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/03/14 23:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2004/02/27 00:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/02/13 01:21:00 | 000,086,160 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/01/14 17:18:16 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/01/14 17:18:04 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/12/04 18:22:30 | 000,308,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS -- (SAVRT)
DRV - [2003/12/04 18:22:30 | 000,037,056 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS -- (SAVRTPEL)
DRV - [2003/11/21 14:05:02 | 000,082,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2003/11/17 13:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 13:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 13:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/05/23 10:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/11/08 11:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sonypvs1.sys -- (sonypvs1)
DRV - [2002/10/13 21:40:24 | 000,069,680 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\tj2kunic.sys -- (tj2kunic) Terayon Cable Modem (WDM)
DRV - [2002/07/25 11:19:48 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Bulk504.sys -- (USBCamera)
DRV - [2002/06/18 14:55:56 | 000,516,149 | ---- | M] (Digital Camera.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CA504AV.SYS -- (Ca504av)
DRV - [2002/06/14 10:46:32 | 000,015,576 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbbc.sys -- (Wdm1)
DRV - [2002/05/31 13:01:00 | 000,012,338 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
DRV - [2001/08/17 12:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 11:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 11:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 11:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 11:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 11:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 11:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 11:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 11:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 11:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 11:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 10:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/01/24 09:20:10 | 000,024,160 | R--- | M] (Nogatech Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nuvaud2.sys -- (nuvaud2)
DRV - [2001/01/24 09:18:08 | 000,147,840 | R--- | M] (Nogatech Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nuvvid2.sys -- (nuvvid2)
DRV - [2000/04/27 17:29:02 | 000,447,245 | ---- | M] (Xirlink, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\C-itNT.sys -- (XIRLINK)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://orion.mesacc.edu/portal/"
FF - prefs.js..extensions.enabledItems: {6E19037A-12E3-4295-8915-ED48BC341614}:1.3.326.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/01 07:45:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/12 09:02:31 | 000,000,000 | ---D | M]

[2009/01/15 15:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcel Huizing\Application Data\Mozilla\Extensions
[2010/07/16 12:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcel Huizing\Application Data\Mozilla\Firefox\Profiles\7d43qube.default\extensions
[2010/06/03 08:47:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Marcel Huizing\Application Data\Mozilla\Firefox\Profiles\7d43qube.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/14 00:10:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/06/22 13:44:58 | 002,078,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2010/07/22 01:10:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (WTBho Class) - {348FE907-249E-4C65-A838-F34A193FE1D1} - C:\Program Files\WinTask\Bin\TaskBHO.dll ()
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Web assistant) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Web assistant) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [type32] C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [WTIndicator] C:\Program Files\WinTask\Bin\SchedInd.exe ()
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Marcel Huizing\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SmileboxTray] C:\Documents and Settings\Marcel Huizing\Application Data\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - HKCU..\Run: [Symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk = C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir (MyWebSearch.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Sony Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE (Intuit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2008/07/04 00:56:32 | 000,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2008/07/04 00:56:32 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2008/07/04 00:56:32 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2008/07/04 00:56:32 | 000,000,000 | ---D | M]
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} [You must be registered and logged in to see this link.] (DeviceEnum Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} [You must be registered and logged in to see this link.] (PtClickLoan Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Marcel Huizing\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marcel Huizing\My Documents\Business\OvertakeRacing\Marcel\sreensaver\lean-2.BMP
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/14 15:40:06 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/22 22:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcel Huizing\Application Data\Malwarebytes
[2010/07/22 22:28:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/22 22:28:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/22 22:28:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/22 22:28:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/22 22:26:45 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marcel Huizing\Desktop\mbam-setup.exe
[2010/07/20 16:39:32 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/20 14:48:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/20 14:48:16 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/20 14:48:16 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/20 14:48:16 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/20 14:48:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/20 14:46:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/16 19:24:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/13 20:16:17 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/06 13:59:46 | 000,000,000 | ---D | C] -- C:\Course Technology
[2010/07/06 10:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcel Huizing\Local Settings\Application Data\PCHealth
[2010/06/29 09:30:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/06/29 09:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/06/29 09:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/06/29 09:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/06/29 09:19:46 | 000,000,000 | R--D | C] -- C:\MSOCache
[2010/06/23 03:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/06/19 10:47:19 | 000,666,624 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\MA111nd5.sys
[2006/09/19 13:41:35 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\imploDE.DLL
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/23 01:23:42 | 000,000,197 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Desktop\MBAM.url
[2010/07/23 01:20:24 | 000,001,170 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/07/23 01:17:49 | 000,001,230 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/07/23 00:47:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2260793998-1752009068-3399909089-1007UA.job
[2010/07/22 23:41:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/22 23:41:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/07/22 23:41:16 | 1071,714,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/22 23:36:47 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Marcel Huizing\NTUSER.INI
[2010/07/22 23:36:46 | 011,272,192 | -H-- | M] () -- C:\Documents and Settings\Marcel Huizing\NTUSER.DAT
[2010/07/22 22:28:08 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/22 22:26:45 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marcel Huizing\Desktop\mbam-setup.exe
[2010/07/22 16:47:01 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2260793998-1752009068-3399909089-1007Core.job
[2010/07/22 01:12:09 | 000,001,071 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
[2010/07/22 01:10:28 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/22 01:10:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/07/22 00:35:10 | 000,000,282 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Desktop\Shortcut to ComboFix.exe.lnk
[2010/07/21 19:15:53 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/21 12:31:01 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/20 16:40:04 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2010/07/20 14:35:16 | 003,739,568 | R--- | M] () -- C:\Documents and Settings\Marcel Huizing\Desktop\commy.exe
[2010/07/20 11:22:20 | 000,832,656 | -H-- | M] () -- C:\Documents and Settings\Marcel Huizing\Local Settings\Application Data\IconCache.db
[2010/07/20 08:09:02 | 000,158,088 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/20 08:06:15 | 000,540,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/14 09:35:11 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2010/07/14 09:16:35 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Desktop\Word 2007.lnk
[2010/07/14 01:00:49 | 000,001,373 | ---- | M] () -- C:\WINDOWS\Ulead32.ini
[2010/07/13 15:59:00 | 000,000,249 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Desktop\GoDaddy.url
[2010/07/12 09:40:58 | 000,050,778 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Desktop\done.url
[2010/07/11 10:18:16 | 000,000,249 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Desktop\Cox Cable Guide.url
[2010/07/09 14:10:22 | 000,000,232 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Desktop\Radio.url
[2010/07/09 13:40:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/06 16:23:30 | 000,000,905 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/07/06 16:22:42 | 000,001,730 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/07/05 15:54:30 | 000,000,403 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Desktop\FaceBook.url
[2010/07/03 23:48:03 | 000,003,256 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\My Documents\Default.sfvidcap
[2010/07/03 23:47:38 | 000,012,848 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\My Documents\(Unknown) - Still 001.jpg
[2010/07/03 23:45:03 | 020,834,816 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\My Documents\(Unknown) - Clip 001.avi
[2010/07/03 10:22:56 | 000,031,481 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\My Documents\swimming-pool-diagram.jpg
[2010/07/03 10:22:56 | 000,029,560 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\My Documents\swimming-pool-skimmer.jpg
[2010/07/03 10:21:20 | 000,019,907 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\My Documents\Plumbing_Basic_631.jpg
[2010/07/01 13:45:29 | 000,000,284 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Application Data\ViewerApp.dat
[2010/06/30 10:48:00 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/06/26 22:40:41 | 000,307,311 | ---- | M] () -- C:\Documents and Settings\Marcel Huizing\My Documents\6022_operation_guide[1].pdf
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/23 01:23:07 | 000,000,197 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\Desktop\MBAM.url
[2010/07/22 22:28:08 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/22 00:35:10 | 000,000,282 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\Desktop\Shortcut to ComboFix.exe.lnk
[2010/07/21 08:28:49 | 1071,714,304 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/20 16:39:59 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/20 16:39:44 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/20 14:48:16 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/20 14:48:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/20 14:48:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/20 14:48:16 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/20 14:48:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/20 14:35:16 | 003,739,568 | R--- | C] () -- C:\Documents and Settings\Marcel Huizing\Desktop\commy.exe
[2010/07/14 09:15:09 | 000,002,515 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\Desktop\Word 2007.lnk
[2010/07/06 16:24:56 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2010/07/06 16:22:42 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/07/03 23:47:37 | 000,012,848 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\My Documents\(Unknown) - Still 001.jpg
[2010/07/03 23:44:53 | 020,834,816 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\My Documents\(Unknown) - Clip 001.avi
[2010/07/03 10:23:29 | 000,029,560 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\My Documents\swimming-pool-skimmer.jpg
[2010/07/03 10:23:19 | 000,031,481 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\My Documents\swimming-pool-diagram.jpg
[2010/07/03 10:21:49 | 000,019,907 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\My Documents\Plumbing_Basic_631.jpg
[2010/06/29 09:42:46 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/06/26 22:40:38 | 000,307,311 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\My Documents\6022_operation_guide[1].pdf
[2010/06/26 22:32:05 | 000,000,249 | ---- | C] () -- C:\Documents and Settings\Marcel Huizing\Desktop\Cox Cable Guide.url
[2010/04/05 15:24:51 | 000,000,092 | ---- | C] () -- C:\WINDOWS\NogaTw.INI
[2010/01/16 21:43:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2009/03/20 09:03:44 | 000,000,849 | ---- | C] () -- C:\WINDOWS\capture.INI
[2009/01/21 14:05:50 | 000,000,171 | ---- | C] () -- C:\WINDOWS\AutoScreenRecorder.INI
[2009/01/17 22:04:25 | 000,000,389 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
[2008/06/18 02:20:16 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2008/06/18 02:20:14 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/06/14 09:20:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\route.ini
[2008/02/03 09:19:38 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/02/03 09:19:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/02/03 09:19:38 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/02/03 09:19:37 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/12/05 10:03:33 | 000,001,583 | ---- | C] () -- C:\WINDOWS\VBOSS.INI
[2007/12/05 10:03:12 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\ssce.INI
[2007/12/05 10:03:04 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\UnzipCtrl.dll
[2007/12/05 10:03:04 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\ZipCtrl.dll
[2007/12/05 09:41:21 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\SP32W.DLL
[2007/11/07 11:10:14 | 000,000,314 | ---- | C] () -- C:\WINDOWS\SMSI.INI
[2007/11/07 11:09:40 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\FAXMON.DLL
[2007/03/01 09:29:25 | 000,000,037 | ---- | C] () -- C:\WINDOWS\SWFConverter.INI
[2007/03/01 09:29:03 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/03/01 09:29:03 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/11/21 10:48:40 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/10/07 08:39:01 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\PdfPorts.dll
[2006/10/03 09:04:23 | 000,000,193 | ---- | C] () -- C:\WINDOWS\VMan.INI
[2006/04/24 19:36:49 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/01/13 10:50:52 | 000,000,058 | ---- | C] () -- C:\WINDOWS\mchguid.ini
[2006/01/11 23:04:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PNTINFO.INI
[2005/09/05 03:08:32 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2005/04/14 15:18:13 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/03/11 16:09:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2005/01/26 17:09:41 | 000,000,049 | ---- | C] () -- C:\WINDOWS\atg.ini
[2005/01/23 03:18:25 | 000,000,039 | ---- | C] () -- C:\WINDOWS\VideoWave.INI
[2004/11/08 22:26:48 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004/11/08 22:26:47 | 000,001,078 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/09/18 12:51:52 | 000,002,144 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/09/02 09:52:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
[2004/09/02 09:52:33 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\ZFExt.dll
[2004/08/29 13:58:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2004/08/29 13:42:07 | 000,000,156 | ---- | C] () -- C:\WINDOWS\Kpcms.ini
[2004/08/17 16:56:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IPSK.dll
[2004/08/17 16:56:47 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jpg32.dll
[2004/08/17 16:56:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VWJPG.dll
[2004/08/17 16:56:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VMIO.dll
[2004/08/17 16:56:47 | 000,014,381 | ---- | C] () -- C:\WINDOWS\Tw504a.ini
[2004/08/17 16:56:47 | 000,001,906 | ---- | C] () -- C:\WINDOWS\CA504A.INI
[2004/08/17 16:56:47 | 000,000,473 | ---- | C] () -- C:\WINDOWS\System32\I-dext504.ini
[2004/08/17 16:56:47 | 000,000,467 | ---- | C] () -- C:\WINDOWS\System32\S-dext504.ini
[2004/08/17 16:56:47 | 000,000,464 | ---- | C] () -- C:\WINDOWS\System32\F-dext504.ini
[2004/08/17 16:56:47 | 000,000,458 | ---- | C] () -- C:\WINDOWS\System32\P-dext504.ini
[2004/08/17 16:56:47 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\G-dext504.ini
[2004/08/17 16:56:47 | 000,000,454 | ---- | C] () -- C:\WINDOWS\System32\H-dext504.ini
[2004/08/17 16:56:47 | 000,000,453 | ---- | C] () -- C:\WINDOWS\System32\E-dext504.ini
[2004/08/17 16:56:47 | 000,000,164 | ---- | C] () -- C:\WINDOWS\Setup504.ini
[2004/08/17 16:56:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VWBMP.dll
[2004/08/15 23:19:40 | 000,000,244 | ---- | C] () -- C:\WINDOWS\MPPAGER.INI
[2004/08/14 17:49:14 | 000,015,576 | R--- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
[2004/08/09 11:20:53 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
[2004/08/09 11:20:30 | 000,042,172 | ---- | C] () -- C:\WINDOWS\php.ini
[2004/07/31 11:08:59 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2004/07/31 11:04:01 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\sbaparam.dll
[2004/07/31 11:04:01 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\sbautils.dll
[2004/07/31 11:04:00 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\EmbeddedDX.dll
[2004/07/31 11:03:59 | 000,010,875 | ---- | C] () -- C:\WINDOWS\ESOA.INI
[2004/07/31 11:03:59 | 000,003,679 | ---- | C] () -- C:\WINDOWS\GrAddrBk.ini
[2004/07/31 11:03:59 | 000,001,433 | ---- | C] () -- C:\WINDOWS\WINPOINT.INI
[2004/07/31 11:03:59 | 000,000,995 | ---- | C] () -- C:\WINDOWS\GRACE.INI
[2004/07/31 11:03:59 | 000,000,255 | ---- | C] () -- C:\WINDOWS\GrAdr16.ini
[2004/07/31 11:03:59 | 000,000,053 | ---- | C] () -- C:\WINDOWS\PRSRVDLL.INI
[2004/07/27 16:26:50 | 000,000,062 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2004/07/20 21:45:55 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/07/20 11:48:04 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/07/17 21:19:14 | 000,000,829 | ---- | C] () -- C:\WINDOWS\SMVIEW.INI
[2004/07/17 18:14:13 | 000,000,512 | ---- | C] () -- C:\WINDOWS\photoprn.ini
[2004/07/17 18:13:32 | 000,000,021 | ---- | C] () -- C:\WINDOWS\xl_setup.ini
[2004/07/17 09:37:40 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2004/07/17 08:53:09 | 000,001,373 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2004/07/16 21:17:18 | 000,000,905 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/07/07 04:25:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/07/07 04:12:24 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/07/07 04:08:43 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/07/07 03:54:25 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/07 03:54:10 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/07/07 03:40:10 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/03/26 14:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/02/27 10:32:56 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\DSWndinet.dll
[2003/09/08 15:07:36 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hhsaid.dll
[1999/10/13 15:59:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\gns2kzip.dll
[1999/07/29 01:27:10 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 01:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1997/02/27 12:13:12 | 000,000,586 | ---- | C] () -- C:\WINDOWS\3DFAX.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23874
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on Fri Jul 23, 2010 5:49 pm

Hi, Smile

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :OTL
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk = C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir (MyWebSearch.com)

    :commands
    [emptytemp]
    [resethosts]
    [reboot]


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56084
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Fri Jul 23, 2010 10:07 pm

All processes killed
========== OTL ==========
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk moved successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Guest User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Flash cache emptied: 982 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Marcel Huizing
->Temp folder emptied: 1460694 bytes
->Temporary Internet Files folder emptied: 163841097 bytes
->Java cache emptied: 36126761 bytes
->FireFox cache emptied: 35984473 bytes
->Flash cache emptied: 2103440 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 148483 bytes
%systemroot%\System32 .tmp files removed: 2952721 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33726 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 232.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.9.1 log created on 07232010_115658

Files\Folders moved on Reboot...
C:\Documents and Settings\Marcel Huizing\Local Settings\Temporary Internet Files\Content.IE5\PIAHH0V3\win32-nuqele-and-bankerfoxa-t22772-45[1].htm moved successfully.
C:\Documents and Settings\Marcel Huizing\Local Settings\Temporary Internet Files\Content.IE5\MHU5YX5L\win32-nuqele-and-bankerfoxa-t22772-30[1].htm moved successfully.

Registry entries deleted on Reboot...

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23874
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on Fri Jul 23, 2010 10:27 pm

Hi, Smile

Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56084
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Sat Jul 24, 2010 5:27 pm

OK, but after I accepted Terms and clicked Start a warning window popped up asking if it was OK to install "OnlineScanner.cab" from ESET? Should I say yes and then continue with install of ActiveX ?

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23874
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on Sat Jul 24, 2010 7:31 pm

Yes, please do that. Smile


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56084
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Sat Jul 24, 2010 10:27 pm

When complete it asked if I want to :
O......Uninstall application on close
O......Delete Quaratied Files
Should I chaeck mark either of these?

Here is the log.txt:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=44835802cd800046839d366d626a8aed
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-24 10:06:12
# local_time=2010-07-24 03:06:12 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3586 16764925 100 97 184801550 210466085 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=177091
# found=25
# cleaned=25
# scan_time=8009
C:\Qoobox\Quarantine\C\Documents and Settings\Marcel Huizing\Local Settings\Application Data\ivmiwvsjd\wwvqpootssd.exe.vir a variant of Win32/Kryptik.FQK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir Win32/Toolbar.MyWebSearch.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir Win32/Toolbar.MyWebSearch.C application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir Win32/Toolbar.MyWebSearch.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir Win32/Adware.Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Win32/Adware.Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL.vir Win32/Adware.Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\PremierOpinion\pmls.dll.vir Win32/Adware.RK application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\PremierOpinion\pmropn.exe.vir a variant of Win32/Adware.RK.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\FTDISK.SYS.vir Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2166\A0364230.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2167\A0366288.SYS Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2167\A0366326.DLL Win32/Toolbar.MyWebSearch.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2167\A0366327.DLL Win32/Toolbar.MyWebSearch.C application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2167\A0366328.SCR Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2167\A0366329.DLL Win32/Toolbar.MyWebSearch.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2167\A0366335.DLL Win32/Adware.Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2167\A0366339.DLL Win32/Adware.Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2167\A0366341.DLL Win32/Adware.Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2167\A0366345.scr Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2167\A0366348.exe a variant of Win32/Kryptik.FQK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2167\A0366443.dll Win32/Adware.RK application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2167\A0366446.exe a variant of Win32/Adware.RK.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23874
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on Sat Jul 24, 2010 10:51 pm

Hi, Smile

When complete it asked if I want to :
O......Uninstall application on close
O......Delete Quaratied Files
Should I chaeck mark either of these?

Please check both. Right On!

=======

Your computer is now clean. Now, time to remove the tools used, and update your computer to prevent vulnerability.

Updating System Restore
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE.


You now have a clean restore point.

To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do a calculation of temporary/old files, and then display a dialogue box.
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done.


========

Removing the tools
Now, to remove all of the tools we used and the files and folders they created, please do the following:

Download [You must be registered and logged in to see this link.] by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


============

Service Pack upgrade
Please consider upgrading to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

More info about SP3: [You must be registered and logged in to see this link.]

=====

Update Programs
Please download the newest version of Adobe Acrobat Reader from [You must be registered and logged in to see this link.]

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.



Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

=========

color=green]Here are some prevention tips I have provided:[/color]

1. Don't download files from untrusted websites or websites that seem suspious.

2. Don't use torrents they are a good way to get lots of malware.

3. Don't download and use cracks/warez/keygens they are illegal and are another good way to contract malware.

4. Disable autorun [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]

5. Always make sure you have the latest Windows updates. windowsupdate.microsoft.com

6. Don't ever click on the links inside of a popup.

7. Make sure you know what you install you can make sure it is not know for being a virus by just simply searching about it on google.

8. Use a Site Advisor so you don't go to sites that will infect you. [You must be registered and logged in to see this link.]

9. Also there are many holes and flaws in Internet Explorer I recommend using [You must be registered and logged in to see this link.] to keep you more safe.

10. Always keep your [You must be registered and logged in to see this link.] and Adobe updated.

11. Don't fall for the Scareware. What is Scareware? it is a website made to download a rogue Antivirus on your system that will scare you into buying their fake software due to false detections.

12. Always have a Firewall and a Antivirus.

Thanks for choosing GeekPolice, see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?

For more information please visit [You must be registered and logged in to see this link.]


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56084
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Sun Jul 25, 2010 12:33 am

Thank you for all your help... Marcel

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23874
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on Sun Jul 25, 2010 12:35 am

You're welcome, glad to help. Smile


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56084
# Likes # Likes : 0

View user profile

Back to top Go down

Windows error on laptop

Post by marcusmax2001 on Fri Aug 06, 2010 4:31 am

Can you help me with this or do I have to create a new posting?

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23874
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Fri Aug 06, 2010 4:47 am

I'm running Windows XP SP2 on my PC laptop and it comes up for less than 5 minutes and functions, but then flashes a blue screen with error text displayed, but not long enough for me to read it...... What I do get is a message that says "Windows has expeienced a Fatal Error"

When I boot up in safe mode it runs fine...
I do not have the Windows XP CD's
Any suggestions?

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23874
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by marcusmax2001 on Fri Aug 06, 2010 4:48 am

That last posting was not for the virusses, it's a new one.... you fixed the virusses issue already.... thanks

marcusmax2001
Novice
Novice

Posts Posts : 38
Joined Joined : 2010-07-17
OS OS : xp
Points Points : 23874
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sneakyone on Fri Aug 06, 2010 6:49 am

Hi.

Lets make sure no malware remains.

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56084
# Likes # Likes : 0

View user profile

Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum