TechSpot

Google redirect.

Solved
By davidanthony
Nov 14, 2010
  1. Hi,
    Appreciate any help getting rid of the Google redirect virus. Here are my logs after going through the 8-step procedure you asked for.


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-10.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/22/2010 10:56:05 PM
    System Uptime: 11/14/2010 10:29:49 AM (0 hours ago)

    Motherboard: | | 939Dual-SATA2
    Processor: AMD Athlon(tm) 64 Processor 3500+ | CPUSocket | 2200/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 75 GiB total, 17.425 GiB free.
    D: is FIXED (NTFS) - 186 GiB total, 47.38 GiB free.
    E: is CDROM ()
    F: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Adobe Digital Editions
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop 5.0 Limited Edition
    Adobe Reader 9.1
    Aion
    Apple Application Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    ATI HYDRAVISION
    ATI Parental Control & Encoder
    ATI Problem Report Wizard
    AudibleManager
    AVG 2011
    AVIVO Codecs
    Canon PhotoRecord
    Canon S820
    Canon Utilities PhotoStitch 3.1
    Canon Utilities ZoomBrowser EX
    Counter-Strike: Source
    Creative Audio Control Panel
    Creative MediaSource
    Creative Software AutoUpdate
    Exploration Mars
    Express Burn
    Garmin USB Drivers
    Garmin WebUpdater
    GetDataBack for NTFS
    Google Chrome
    Google Earth
    Google Update Helper
    Google Updater
    Hearts of Iron III
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    HP Update
    Java(TM) 6 Update 15
    LEGO Cam
    LimeWire 5.2.13
    Malwarebytes' Anti-Malware
    MapSource
    MapSource - Topo Canada v2
    Medieval II: Total War
    Medieval II: Total War - Kingdoms
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 97, Professional Edition
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MP3 Player Recovery Tool
    MSN
    MSVCRT
    MSXML 6 Service Pack 2 (KB973686)
    NCsoft Launcher
    Net Assistant
    OpenAL
    PC Inspector File Recovery
    QuickTime
    RealPlayer 7 Basic
    RegCure 1.6.0.0
    Robotics Invention System 2.0
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981350)
    Security Update for Windows XP (KB982381)
    Segoe UI
    Skype Toolbars
    Skype™ 4.2
    Sound Blaster X-Fi
    Steam
    SUPERAntiSpyware Free Edition
    Triptych
    ULi LAN Driver
    ULi M5289 SATA Driver
    Unlocker 1.8.7
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    Vision Command
    WebFldrs XP
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Installer 3.1 (KB893803)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Format Runtime
    Windows Media Player 10
    WinRAR archiver
    ZEN V Series Media Explorer

    ==== End Of File ===========================



    DDS (Ver_10-11-10.01) - NTFSx86
    Run by Dave at 10:42:37.01 on Sun 11/14/2010
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.587 [GMT -4:00]

    AV: AVG Anti-Virus Free Edition 2011 *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Dave.COGGER\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = www.aliant.net
    uInternet Settings,ProxyOverride = 127.0.0.1
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [SUPERAntiSpyware] d:\program files\SUPERAntiSpyware.exe
    mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Trusted Zone: aol.com\free
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - d:\program files\SASWINLO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\SASSEH.DLL

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]
    R1 SASDIFSV;SASDIFSV;d:\program files\SASDIFSV.SYS [2009-8-5 12872]
    R1 SASKUTIL;SASKUTIL;d:\program files\SASKUTIL.SYS [2009-8-5 67656]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-10-11 6104656]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
    R3 LTower;LEGO USB Tower Driver;c:\windows\system32\drivers\LTower.sys [2010-4-16 36981]
    R3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2010-5-3 31872]
    R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2009-8-4 28672]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;"c:\program files\common files\creative labs shared\service\ctaelicensing.exe" --> c:\program files\common files\creative labs shared\service\CTAELicensing.exe [?]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
    S3 SASENUM;SASENUM;d:\program files\SASENUM.SYS [2009-8-5 12872]
    S4 gupdate1ca17ca51b7a80;Google Update Service (gupdate1ca17ca51b7a80);c:\program files\google\update\GoogleUpdate.exe [2009-8-7 133104]
    S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2010-3-15 51840]

    =============== Created Last 30 ================

    2010-11-11 04:45:52 -------- d-----w- c:\program files\win
    2010-11-05 21:59:31 -------- d--h--w- C:\$AVG
    2010-11-05 21:56:42 -------- d--h--w- c:\docume~1\alluse~1.win\applic~1\Common Files
    2010-11-05 21:50:49 -------- d-----w- c:\docume~1\dave~1.cog\applic~1\AVG10
    2010-11-05 21:27:10 -------- d-----w- c:\windows\system32\drivers\AVG
    2010-11-05 21:27:10 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\AVG10
    2010-11-05 21:09:35 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\MFAData
    2010-11-05 13:01:04 -------- d-----w- c:\docume~1\dave~1.cog\applic~1\Rewi
    2010-11-05 13:01:04 -------- d-----w- c:\docume~1\dave~1.cog\applic~1\Fydy
    2010-11-05 02:53:09 -------- d-----w- c:\docume~1\dave~1.cog\applic~1\Quwe
    2010-11-05 02:53:09 -------- d-----w- c:\docume~1\dave~1.cog\applic~1\Ezud
    2010-11-04 11:42:05 -------- d-----w- c:\program files\tmp
    2010-11-03 01:01:09 -------- d-----w- c:\docume~1\dave~1.cog\applic~1\Kuimx
    2010-11-03 01:01:09 -------- d-----w- c:\docume~1\dave~1.cog\applic~1\Icwega
    2010-11-03 01:01:04 -------- d-----w- c:\program files\windows

    ==================== Find3M ====================


    ============= FINISH: 10:43:46.62 ===============


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-11-14 10:39:33
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-f ST380011A rev.3.06
    Running: p7x72zpu.exe; Driver: C:\DOCUME~1\DAVE~1.COG\LOCALS~1\Temp\uftdqpod.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----



    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5111

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    11/14/2010 10:19:15 AM
    mbam-log-2010-11-14 (10-19-15).txt

    Scan type: Quick scan
    Objects scanned: 277852
    Time elapsed: 21 minute(s), 0 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 6

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Startup\lusaru.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jonathan.COGGER\Start Menu\Programs\Startup\wuade.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Nic\Start Menu\Programs\Startup\xoekto.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Shelley.COGGER\Start Menu\Programs\Startup\afpeil.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dave.COGGER\Application Data\dkfjasdfshd.bat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users.WINDOWS\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.




    Good Luck!
    Thanks in advance...
     
  2. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.
     
  3. davidanthony

    davidanthony TS Rookie Topic Starter Posts: 64

    Thanks for the quick response.

    Here is the MBR log.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 2 (build 2600)
    Logical Drives Mask: 0x0000003d

    Kernel Drivers (total 132):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806CE000 \WINDOWS\system32\hal.dll
    0xF7ADC000 \WINDOWS\system32\KDCOM.DLL
    0xF79EC000 \WINDOWS\system32\BOOTVID.dll
    0xF74AD000 ACPI.sys
    0xF7ADE000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF749C000 pci.sys
    0xF75DC000 isapnp.sys
    0xF7AE0000 aliide.sys
    0xF785C000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF75EC000 MountMgr.sys
    0xF747D000 ftdisk.sys
    0xF7864000 PartMgr.sys
    0xF75FC000 VolSnap.sys
    0xF7465000 atapi.sys
    0xF786C000 cercsr6.sys
    0xF744D000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
    0xF760C000 disk.sys
    0xF761C000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF742E000 fltMgr.sys
    0xF741C000 sr.sys
    0xF7405000 KSecDD.sys
    0xF73F2000 WudfPf.sys
    0xF7365000 Ntfs.sys
    0xF7338000 NDIS.sys
    0xF731D000 Mup.sys
    0xF7874000 avgrkx86.sys
    0xF762C000 AVGIDSEH.Sys
    0xF765C000 \SystemRoot\system32\DRIVERS\processr.sys
    0xF7145000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xF7131000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF70C5000 \SystemRoot\system32\drivers\ctaud2k.sys
    0xF70A1000 \SystemRoot\system32\drivers\portcls.sys
    0xF766C000 \SystemRoot\system32\drivers\drmk.sys
    0xF707E000 \SystemRoot\system32\drivers\ks.sys
    0xF704C000 \SystemRoot\system32\drivers\ctoss2k.sys
    0xF78A4000 \SystemRoot\system32\drivers\ctprxy2k.sys
    0xF78B4000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF7038000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF7A78000 \SystemRoot\system32\DRIVERS\gameenum.sys
    0xF767C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF78BC000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF78C4000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF768C000 \SystemRoot\system32\DRIVERS\serial.sys
    0xF7A80000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xF78D4000 \SystemRoot\system32\DRIVERS\ULILAN51.SYS
    0xF769C000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF76AC000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF76BC000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF78F4000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xF6FED000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF78FC000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF7C8F000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF76CC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7A94000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF6FD6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF76DC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF76EC000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF791C000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF6FC5000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF76FC000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF792C000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF793C000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF770C000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7AE6000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF6F91000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7AA8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF771C000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7AEA000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF772C000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xA64F0000 \SystemRoot\system32\drivers\ha20x2k.sys
    0xA64C3000 \SystemRoot\system32\drivers\emupia2k.sys
    0xA649C000 \SystemRoot\system32\drivers\ctsfm2k.sys
    0xA6400000 \SystemRoot\system32\drivers\ctac32k.sys
    0xF7954000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xF779C000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
    0xF7AF4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7CED000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7AF8000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF796C000 \SystemRoot\System32\drivers\vga.sys
    0xF7AFC000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7B00000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF797C000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF798C000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7A64000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA63CD000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA6375000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA632D000 \SystemRoot\system32\DRIVERS\avgtdix.sys
    0xA630C000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF77AC000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF79A4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xF79B4000 \SystemRoot\system32\DRIVERS\OVCE.sys
    0xF77BC000 \SystemRoot\system32\DRIVERS\OVCAM2.sys
    0xF77CC000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0xA628E000 \SystemRoot\system32\DRIVERS\OVCODEK2.sys
    0xA6266000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF79DC000 \SystemRoot\system32\drivers\OVSound2.sys
    0xA6244000 \SystemRoot\System32\drivers\afd.sys
    0xF77DC000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xA6222000 \??\D:\Program Files\SASKUTIL.sys
    0xF77EC000 \SystemRoot\System32\Drivers\LTower.sys
    0xF7894000 \??\D:\Program Files\SASDIFSV.SYS
    0xA6156000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA60E7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF77FC000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA60AB000 \SystemRoot\system32\DRIVERS\avgldx86.sys
    0xF783C000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xA601B000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7B1C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xA6097000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF790C000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7CF1000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xA3A7E000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF7AE4000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xA3D5B000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
    0xA3C7B000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
    0xA393E000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
    0xA382B000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xA33DE000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA3783000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF79BC000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xA308F000 \SystemRoot\system32\drivers\kmixer.sys
    0xBFF50000 \SystemRoot\System32\TSDDD.dll
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF055000 \SystemRoot\System32\ati2cqag.dll
    0xBF09C000 \SystemRoot\System32\atikvmag.dll
    0xBF0E2000 \SystemRoot\System32\ati3duag.dll
    0xBF32D000 \SystemRoot\System32\ativvaxx.dll
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 42):
    0 System Idle Process
    4 System
    540 C:\WINDOWS\system32\smss.exe
    572 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    748 csrss.exe
    792 C:\WINDOWS\system32\winlogon.exe
    864 C:\WINDOWS\system32\services.exe
    884 C:\WINDOWS\system32\lsass.exe
    1060 C:\WINDOWS\system32\ati2evxx.exe
    1108 C:\WINDOWS\system32\svchost.exe
    1208 svchost.exe
    1308 C:\WINDOWS\system32\svchost.exe
    1364 C:\WINDOWS\system32\svchost.exe
    1400 C:\WINDOWS\system32\ati2evxx.exe
    1496 svchost.exe
    1612 svchost.exe
    1668 C:\WINDOWS\system32\spoolsv.exe
    1804 svchost.exe
    1836 C:\Program Files\AVG\AVG10\avgwdsvc.exe
    1888 C:\WINDOWS\system32\svchost.exe
    1904 wdfmgr.exe
    1984 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    836 C:\Program Files\AVG\AVG10\avgnsx.exe
    892 C:\Program Files\AVG\AVG10\avgemcx.exe
    984 alg.exe
    2732 C:\WINDOWS\system32\wscntfy.exe
    2868 C:\WINDOWS\explorer.exe
    3056 C:\Program Files\AVG\AVG10\avgtray.exe
    3144 D:\Program Files\SUPERANTISPYWARE.EXE
    3436 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    3864 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    3900 C:\Program Files\AVG\AVG10\avgcsrvx.exe
    2632 csrss.exe
    3916 C:\WINDOWS\system32\winlogon.exe
    1436 C:\WINDOWS\system32\ati2evxx.exe
    2172 explorer.exe
    2232 wscntfy.exe
    268 avgtray.exe
    2344 msnmsgr.exe
    2340 AVGIDSMonitor.exe
    2596 rundll32.exe
    396 C:\Documents and Settings\Dave.COGGER\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: ST380011A, Rev: 3.06
    PhysicalDrive1 Model Number: ST3200826A, Rev: 3.03

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    186 GB \\.\PhysicalDrive1 Legit MBR code detected
    SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495


    Done!
     
  4. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Looks good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, Rkill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. davidanthony

    davidanthony TS Rookie Topic Starter Posts: 64

    combo log

    Here is the log for combo...


    ComboFix 10-11-14.01 - Dave 11/14/2010 19:56:43.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.704 [GMT -4:00]
    Running from: c:\documents and settings\Dave.COGGER\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Dave.COGGER\Application Data\completescan
    c:\documents and settings\Dave.COGGER\Application Data\install
    c:\documents and settings\Dave.COGGER\patriot tickets info .txt
    c:\documents and settings\Jonathan.COGGER\Application Data\.#
    c:\documents and settings\Jonathan.COGGER\Application Data\Baweb
    c:\documents and settings\Jonathan.COGGER\Application Data\Baweb\esevy.exe
     
  6. davidanthony

    davidanthony TS Rookie Topic Starter Posts: 64

    combo log part 2

    c:\program files\Mozilla Firefox\extensions\{87E55833-7BE7-4351-A034-2595A101F835}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{895A83ED-9EC0-4B23-B4B5-0A706FBA68C7}
    c:\program files\Mozilla Firefox\extensions\{895A83ED-9EC0-4B23-B4B5-0A706FBA68C7}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{895A83ED-9EC0-4B23-B4B5-0A706FBA68C7}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{895A83ED-9EC0-4B23-B4B5-0A706FBA68C7}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{8C280C9B-5A3E-4264-8C59-DEE4442FE1BB}
    c:\program files\Mozilla Firefox\extensions\{8C280C9B-5A3E-4264-8C59-DEE4442FE1BB}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{8C280C9B-5A3E-4264-8C59-DEE4442FE1BB}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{8C280C9B-5A3E-4264-8C59-DEE4442FE1BB}\install.rdf
     
  7. davidanthony

    davidanthony TS Rookie Topic Starter Posts: 64

    combo part 2

    c:\program files\Mozilla Firefox\extensions\{8FA3FFAB-50FC-4BB8-87E4-0151CC9D464D}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{8FA3FFAB-50FC-4BB8-87E4-0151CC9D464D}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{8FA3FFAB-50FC-4BB8-87E4-0151CC9D464D}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{8FA901CA-23B4-49A6-8E3B-04722049F9FD}
    c:\program files\Mozilla Firefox\extensions\{8FA901CA-23B4-49A6-8E3B-04722049F9FD}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{8FA901CA-23B4-49A6-8E3B-04722049F9FD}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{8FA901CA-23B4-49A6-8E3B-04722049F9FD}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{9196719B-69D5-408E-A5C0-D42553C5ED09}
    c:\program files\Mozilla Firefox\extensions\{9196719B-69D5-408E-A5C0-D42553C5ED09}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{9196719B-69D5-408E-A5C0-D42553C5ED09}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{9196719B-69D5-408E-A5C0-D42553C5ED09}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{937B631A-A278-4895-A1A7-6EC391B1932C}
    c:\program files\Mozilla Firefox\extensions\{937B631A-A278-4895-A1A7-6EC391B1932C}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{937B631A-A278-4895-A1A7-6EC391B1932C}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{937B631A-A278-4895-A1A7-6EC391B1932C}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{99CED21A-DC0B-4715-9D2C-CFBE472679B7}
    c:\program files\Mozilla Firefox\extensions\{99CED21A-DC0B-4715-9D2C-CFBE472679B7}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{99CED21A-DC0B-4715-9D2C-CFBE472679B7}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{99CED21A-DC0B-4715-9D2C-CFBE472679B7}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{9C90AB4C-3E33-4336-887F-D783184B7E6B}
    c:\program files\Mozilla Firefox\extensions\{9C90AB4C-3E33-4336-887F-D783184B7E6B}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{9C90AB4C-3E33-4336-887F-D783184B7E6B}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{9C90AB4C-3E33-4336-887F-D783184B7E6B}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{9E076F0C-C806-4C95-9297-B5DB532EA936}
    c:\program files\Mozilla Firefox\extensions\{9E076F0C-C806-4C95-9297-B5DB532EA936}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{9E076F0C-C806-4C95-9297-B5DB532EA936}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{9E076F0C-C806-4C95-9297-B5DB532EA936}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{A04D48F6-CB2B-4D7D-9CC0-0089ADF8774F}
    c:\program files\Mozilla Firefox\extensions\{A04D48F6-CB2B-4D7D-9CC0-0089ADF8774F}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{A04D48F6-CB2B-4D7D-9CC0-0089ADF8774F}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{A04D48F6-CB2B-4D7D-9CC0-0089ADF8774F}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{A68DEEC4-443E-4A6A-A843-A729BD4CE2F8}
    c:\program files\Mozilla Firefox\extensions\{A68DEEC4-443E-4A6A-A843-A729BD4CE2F8}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{A68DEEC4-443E-4A6A-A843-A729BD4CE2F8}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{A68DEEC4-443E-4A6A-A843-A729BD4CE2F8}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{A7DBB34F-1900-41E1-87F4-262335A8A768}
    c:\program files\Mozilla Firefox\extensions\{A7DBB34F-1900-41E1-87F4-262335A8A768}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{A7DBB34F-1900-41E1-87F4-262335A8A768}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{A7DBB34F-1900-41E1-87F4-262335A8A768}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{A7F46E79-6B04-42BD-804B-765BB335A9FC}
    c:\program files\Mozilla Firefox\extensions\{A7F46E79-6B04-42BD-804B-765BB335A9FC}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{A7F46E79-6B04-42BD-804B-765BB335A9FC}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{A7F46E79-6B04-42BD-804B-765BB335A9FC}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{A9FF6692-D707-42DC-86F9-AE309E80B32F}
    c:\program files\Mozilla Firefox\extensions\{A9FF6692-D707-42DC-86F9-AE309E80B32F}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{A9FF6692-D707-42DC-86F9-AE309E80B32F}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{A9FF6692-D707-42DC-86F9-AE309E80B32F}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{AC080564-5436-4EE2-B482-BF710875CC81}
    c:\program files\Mozilla Firefox\extensions\{AC080564-5436-4EE2-B482-BF710875CC81}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{AC080564-5436-4EE2-B482-BF710875CC81}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{AC080564-5436-4EE2-B482-BF710875CC81}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{AECA3E95-D929-4181-9F36-7E3E55A70747}
    c:\program files\Mozilla Firefox\extensions\{AECA3E95-D929-4181-9F36-7E3E55A70747}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{AECA3E95-D929-4181-9F36-7E3E55A70747}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{AECA3E95-D929-4181-9F36-7E3E55A70747}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{AEED930C-08CC-45D1-93B5-74F16632BB41}
    c:\program files\Mozilla Firefox\extensions\{AEED930C-08CC-45D1-93B5-74F16632BB41}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{AEED930C-08CC-45D1-93B5-74F16632BB41}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{AEED930C-08CC-45D1-93B5-74F16632BB41}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{B209F473-ED50-45CB-9672-9AE4EFC54D51}
    c:\program files\Mozilla Firefox\extensions\{B209F473-ED50-45CB-9672-9AE4EFC54D51}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{B209F473-ED50-45CB-9672-9AE4EFC54D51}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{B209F473-ED50-45CB-9672-9AE4EFC54D51}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{B2A9F037-95B5-438A-9625-1B72CFB71292}
    c:\program files\Mozilla Firefox\extensions\{B2A9F037-95B5-438A-9625-1B72CFB71292}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{B2A9F037-95B5-438A-9625-1B72CFB71292}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{B2A9F037-95B5-438A-9625-1B72CFB71292}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{B2EAB5BE-B6D4-452B-80DF-73BDE0E04D56}
    c:\program files\Mozilla Firefox\extensions\{B2EAB5BE-B6D4-452B-80DF-73BDE0E04D56}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{B2EAB5BE-B6D4-452B-80DF-73BDE0E04D56}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{B2EAB5BE-B6D4-452B-80DF-73BDE0E04D56}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{B33319FB-B438-420D-BB5D-19D5EFDB962B}
    c:\program files\Mozilla Firefox\extensions\{B33319FB-B438-420D-BB5D-19D5EFDB962B}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{B33319FB-B438-420D-BB5D-19D5EFDB962B}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{B33319FB-B438-420D-BB5D-19D5EFDB962B}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{B40757AC-CE09-4B4D-9DD6-D86598E6CA76}
    c:\program files\Mozilla Firefox\extensions\{B40757AC-CE09-4B4D-9DD6-D86598E6CA76}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{B40757AC-CE09-4B4D-9DD6-D86598E6CA76}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{B40757AC-CE09-4B4D-9DD6-D86598E6CA76}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{B4BA9D07-C3B3-4808-8B52-D8A0FAFEB47C}
    c:\program files\Mozilla Firefox\extensions\{B4BA9D07-C3B3-4808-8B52-D8A0FAFEB47C}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{B4BA9D07-C3B3-4808-8B52-D8A0FAFEB47C}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{B4BA9D07-C3B3-4808-8B52-D8A0FAFEB47C}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{B70A7374-B9A1-4811-80E4-54B56DADD675}
    c:\program files\Mozilla Firefox\extensions\{B70A7374-B9A1-4811-80E4-54B56DADD675}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{B70A7374-B9A1-4811-80E4-54B56DADD675}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{B70A7374-B9A1-4811-80E4-54B56DADD675}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{B7BEDC3E-2253-4A9D-B234-5AA54FAAAF7C}
    c:\program files\Mozilla Firefox\extensions\{B7BEDC3E-2253-4A9D-B234-5AA54FAAAF7C}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{B7BEDC3E-2253-4A9D-B234-5AA54FAAAF7C}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{B7BEDC3E-2253-4A9D-B234-5AA54FAAAF7C}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{B8D75CAA-E343-4421-804C-00C6B0CC28CA}
    c:\program files\Mozilla Firefox\extensions\{B8D75CAA-E343-4421-804C-00C6B0CC28CA}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{B8D75CAA-E343-4421-804C-00C6B0CC28CA}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{B8D75CAA-E343-4421-804C-00C6B0CC28CA}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{BA2C1399-D8D5-4A6F-A7E9-B935E50FC458}
    c:\program files\Mozilla Firefox\extensions\{BA2C1399-D8D5-4A6F-A7E9-B935E50FC458}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{BA2C1399-D8D5-4A6F-A7E9-B935E50FC458}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{BA2C1399-D8D5-4A6F-A7E9-B935E50FC458}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{BC55615B-5019-4E47-9B7E-1F4DB30C27E3}
    c:\program files\Mozilla Firefox\extensions\{BC55615B-5019-4E47-9B7E-1F4DB30C27E3}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{BC55615B-5019-4E47-9B7E-1F4DB30C27E3}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{BC55615B-5019-4E47-9B7E-1F4DB30C27E3}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{BDF54CB7-18AD-498B-94C3-D735A4CFDCA3}
    c:\program files\Mozilla Firefox\extensions\{BDF54CB7-18AD-498B-94C3-D735A4CFDCA3}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{BDF54CB7-18AD-498B-94C3-D735A4CFDCA3}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{BDF54CB7-18AD-498B-94C3-D735A4CFDCA3}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{C01305CB-9411-443D-A4E7-A4E51D1774D7}
    c:\program files\Mozilla Firefox\extensions\{C01305CB-9411-443D-A4E7-A4E51D1774D7}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{C01305CB-9411-443D-A4E7-A4E51D1774D7}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{C01305CB-9411-443D-A4E7-A4E51D1774D7}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{C0978E47-14F7-4600-B4D5-316AE7F9EC66}
    c:\program files\Mozilla Firefox\extensions\{C0978E47-14F7-4600-B4D5-316AE7F9EC66}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{C0978E47-14F7-4600-B4D5-316AE7F9EC66}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{C0978E47-14F7-4600-B4D5-316AE7F9EC66}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{C1D6F9B7-5449-42AF-B697-499849A983C6}
    c:\program files\Mozilla Firefox\extensions\{C1D6F9B7-5449-42AF-B697-499849A983C6}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{C1D6F9B7-5449-42AF-B697-499849A983C6}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{C1D6F9B7-5449-42AF-B697-499849A983C6}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{C287D95B-4512-4E7C-8249-839353B56241}
    c:\program files\Mozilla Firefox\extensions\{C287D95B-4512-4E7C-8249-839353B56241}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{C287D95B-4512-4E7C-8249-839353B56241}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{C287D95B-4512-4E7C-8249-839353B56241}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{C5EF7C20-E3AD-4E2A-BA23-885E05481821}
    c:\program files\Mozilla Firefox\extensions\{C5EF7C20-E3AD-4E2A-BA23-885E05481821}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{C5EF7C20-E3AD-4E2A-BA23-885E05481821}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{C5EF7C20-E3AD-4E2A-BA23-885E05481821}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{C6C435C7-BAFC-44F0-861B-5ECEB7F1202D}
    c:\program files\Mozilla Firefox\extensions\{C6C435C7-BAFC-44F0-861B-5ECEB7F1202D}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{C6C435C7-BAFC-44F0-861B-5ECEB7F1202D}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{C6C435C7-BAFC-44F0-861B-5ECEB7F1202D}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{C78CDF2A-88B6-47C6-9BCA-E74F4B2B62CE}
    c:\program files\Mozilla Firefox\extensions\{C78CDF2A-88B6-47C6-9BCA-E74F4B2B62CE}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{C78CDF2A-88B6-47C6-9BCA-E74F4B2B62CE}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{C78CDF2A-88B6-47C6-9BCA-E74F4B2B62CE}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{CA3FA276-2745-4F48-B252-E986607062C2}
    c:\program files\Mozilla Firefox\extensions\{CA3FA276-2745-4F48-B252-E986607062C2}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{CA3FA276-2745-4F48-B252-E986607062C2}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{CA3FA276-2745-4F48-B252-E986607062C2}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{CE90C2D1-2094-47DC-88C5-9D4C457CA809}
    c:\program files\Mozilla Firefox\extensions\{CE90C2D1-2094-47DC-88C5-9D4C457CA809}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{CE90C2D1-2094-47DC-88C5-9D4C457CA809}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{CE90C2D1-2094-47DC-88C5-9D4C457CA809}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{D06AAE05-E85E-476C-98AF-E60365883740}
    c:\program files\Mozilla Firefox\extensions\{D06AAE05-E85E-476C-98AF-E60365883740}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{D06AAE05-E85E-476C-98AF-E60365883740}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{D06AAE05-E85E-476C-98AF-E60365883740}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{D1AA4CA0-14DD-4364-9973-E6602CB943FB}
    c:\program files\Mozilla Firefox\extensions\{D1AA4CA0-14DD-4364-9973-E6602CB943FB}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{D1AA4CA0-14DD-4364-9973-E6602CB943FB}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{D1AA4CA0-14DD-4364-9973-E6602CB943FB}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{D34CED12-D517-4B40-A00C-2A1B06EBBB45}
    c:\program files\Mozilla Firefox\extensions\{D34CED12-D517-4B40-A00C-2A1B06EBBB45}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{D34CED12-D517-4B40-A00C-2A1B06EBBB45}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{D34CED12-D517-4B40-A00C-2A1B06EBBB45}\install.rdf
     
  8. davidanthony

    davidanthony TS Rookie Topic Starter Posts: 64

    combo part 3

    c:\windows\system32\dmlconf.dat
    C:\xcrashdump.dat

    c:\windows\system32\winlogon.exe . . . is infected!!

    c:\windows\explorer.exe . . . is infected!!

    .
    ((((((((((((((((((((((((( Files Created from 2010-10-15 to 2010-11-15 )))))))))))))))))))))))))))))))
    .

    2010-11-14 21:27 . 2010-11-14 21:27 -------- d-----w- c:\documents and settings\admin\Application Data\AVG10
    2010-11-11 12:26 . 2010-11-11 12:26 -------- d-----w- c:\documents and settings\Shelley.COGGER\Local Settings\Application Data\Google
    2010-11-11 04:45 . 2010-11-11 10:52 -------- d-----w- c:\program files\win
    2010-11-11 02:16 . 2010-11-11 02:16 -------- d-----w- c:\documents and settings\Shelley.COGGER\Application Data\AVG10
    2010-11-10 20:43 . 2010-11-10 20:43 -------- d-----w- c:\documents and settings\Jonathan.COGGER\Local Settings\Application Data\Google
    2010-11-08 21:33 . 2010-11-08 21:33 -------- d-----w- c:\documents and settings\Jonathan.COGGER\Application Data\AVG10
    2010-11-05 21:59 . 2010-11-05 21:59 -------- d-----w- C:\$AVG
    2010-11-05 21:56 . 2010-11-05 21:56 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\Common Files
    2010-11-05 21:50 . 2010-11-05 21:50 -------- d-----w- c:\documents and settings\Dave.COGGER\Application Data\AVG10
    2010-11-05 21:27 . 2010-11-14 23:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG10
    2010-11-05 21:09 . 2010-11-05 21:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\MFAData
    2010-11-05 13:01 . 2010-11-05 22:34 -------- d-----w- c:\documents and settings\Dave.COGGER\Application Data\Fydy
    2010-11-05 13:01 . 2010-11-05 13:01 -------- d-----w- c:\documents and settings\Dave.COGGER\Application Data\Rewi
    2010-11-05 02:53 . 2010-11-05 22:34 -------- d-----w- c:\documents and settings\Dave.COGGER\Application Data\Quwe
    2010-11-05 02:53 . 2010-11-05 02:53 -------- d-----w- c:\documents and settings\Dave.COGGER\Application Data\Ezud
    2010-11-04 11:42 . 2010-11-05 02:54 -------- d-----w- c:\program files\tmp
    2010-11-03 01:01 . 2010-11-05 22:34 -------- d-----w- c:\documents and settings\Dave.COGGER\Application Data\Icwega
    2010-11-03 01:01 . 2010-11-05 01:45 -------- d-----w- c:\documents and settings\Dave.COGGER\Application Data\Kuimx

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ------- Sigcheck -------

    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
    [-] 2006-02-28 . 97D9234AB9D371B88A9F74A63F6187F9 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

    [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
    [-] 2006-02-28 . 1D79D5D451DA171D76FF06D4607C4B2B . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware.exe" [2010-11-04 2424560]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-10-29 11:20 548352 ----a-w- d:\program files\SASWINLO.DLL

    [HKLM\~\startupfolder\C:^Documents and Settings^Alex.COGGER^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\Alex.COGGER\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Net Assistant.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Net Assistant.lnk
    backup=c:\windows\pss\Net Assistant.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Dave.COGGER^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
    path=c:\documents and settings\Dave.COGGER\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
    backup=c:\windows\pss\Microsoft Find Fast.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Dave.COGGER^Start Menu^Programs^Startup^Office Startup.lnk]
    path=c:\documents and settings\Dave.COGGER\Start Menu\Programs\Startup\Office Startup.lnk
    backup=c:\windows\pss\Office Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]
    2006-11-17 20:42 53341 ------w- c:\program files\Creative\Shared Files\CTSched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    2005-08-08 06:10 16384 ----a-w- c:\windows\CTHELPER.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
    1999-10-11 01:00 41984 ----a-w- c:\windows\Ctregrun.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
    2007-05-30 17:52 868352 ------w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
    2005-08-08 06:10 18944 ----a-w- c:\windows\system32\CTXFIHLP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
    1998-11-30 21:04 497376 ----a-w- c:\windows\p_981116.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2008-12-08 18:50 54576 ----a-w- c:\program files\Hp\HP Software Update\hpwuschd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
    1937-09-16 12:52 438359 ----a-r- c:\progra~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2004-08-04 04:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
    2005-08-08 05:51 25600 ----a-w- c:\windows\MIDIDEF.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-08-20 01:44 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-08-08 01:44 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\new steam\\Steam.exe"=
    "c:\\new steam\\steamapps\\common\\medieval ii total war\\Launcher.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 SASDIFSV;SASDIFSV;d:\program files\SASDIFSV.SYS [8/5/2009 3:06 PM 12872]
    R1 SASKUTIL;SASKUTIL;d:\program files\SASKUTIL.SYS [8/5/2009 3:06 PM 67656]
    R3 LTower;LEGO USB Tower Driver;c:\windows\system32\drivers\LTower.sys [4/16/2010 7:16 PM 36981]
    R3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [5/3/2010 8:10 PM 31872]
    R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [8/4/2009 8:33 PM 28672]
    R4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
    R4 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
    R4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
    R4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys --> c:\windows\system32\DRIVERS\avgrkx86.sys [?]
    R4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;"c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe" --> c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [?]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 1:46 AM 171032]
    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 1:46 AM 171032]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 1:46 AM 1324056]
    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 1:46 AM 1324056]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 1:46 AM 72728]
    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 1:46 AM 72728]
    S3 SASENUM;SASENUM;d:\program files\SASENUM.SYS [8/5/2009 3:06 PM 12872]
    S4 gupdate1ca17ca51b7a80;Google Update Service (gupdate1ca17ca51b7a80);c:\program files\Google\Update\GoogleUpdate.exe [8/7/2009 9:46 PM 133104]
    S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [3/15/2010 7:25 PM 51840]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - Avgldx86
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-19 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-08 01:44]

    2009-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-08 01:45]

    2009-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-08 01:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = www.aliant.net
    uInternet Settings,ProxyOverride = 127.0.0.1
    Trusted Zone: aol.com\free
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    HKLM-Run-AudioDrvEmulator - c:\program files\Creative\Shared Files\Module Loader\DLLML.exe
    MSConfigStartUp-Adobe Reader Speed Launcher - d:\program files\Reader\Reader_sl.exe
    MSConfigStartUp-ALi5289 - c:\program files\ULI5289\ALi5289.exe
    MSConfigStartUp-amtbashl - c:\documents and settings\Jonathan.COGGER\Local Settings\Application Data\vsfehylpn\nwcwaajtssd.exe
    MSConfigStartUp-ATICCC - c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
    MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
    MSConfigStartUp-Creative Detector - c:\program files\Creative\MediaSource\Detector\CTDetect.exe
    MSConfigStartUp-CTDVDDET - c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    MSConfigStartUp-LVCOMS - c:\windows\system32\LVCOMS.EXE
    MSConfigStartUp-nonep - c:\docume~1\JONATH~1.COG\LOCALS~1\Temp\tmp6c885fa5\r_KillEXE.exe
    MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
    MSConfigStartUp-RCSystem - c:\program files\Creative\Shared Files\Module Loader\DLLML.exe
    MSConfigStartUp-RealTray - c:\program files\Real\RealPlayer\RealPlay.exe
    MSConfigStartUp-UnlockerAssistant - d:\program files\Unlocker\UnlockerAssistant.exe
    MSConfigStartUp-VolPanel - c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    MSConfigStartUp-{D4464CD8-4587-82F6-F544-B7922534C6D1} - c:\documents and settings\Dave.COGGER\Application Data\Orgiuh\uvnod.exe
    AddRemove-All ATI Software - c:\program files\ATI Technologies\UninstallAll\AtiCimUn.exe
    AddRemove-InstallShield_{9F308117-9B2F-45EB-9FAF-B59CD8339673} - c:\progra~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
    AddRemove-MSNINST - c:\program files\MSN\MsnInstaller\msninst.exe
    AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update\\rnuninst.exe
    AddRemove-Sound Blaster X-Fi Windows Drivers - c:\program files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE
    AddRemove-Unlocker - d:\program files\Unlocker\uninst.exe
    AddRemove-WinRAR archiver - c:\program files\WinRAR\uninstall.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-14 20:02
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(788)
    d:\program files\SASWINLO.DLL
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-11-14 20:03:41
    ComboFix-quarantined-files.txt 2010-11-15 00:03

    Pre-Run: 18,907,873,280 bytes free
    Post-Run: 18,918,178,816 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - A9FDA6CE69BF1483C7547CD40E5FFAC9
     
  9. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Do you have Windows XP CD?

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\documents and settings\Dave.COGGER\Application Data\Fydy
    c:\documents and settings\Dave.COGGER\Application Data\Rewi
    c:\documents and settings\Dave.COGGER\Application Data\Quwe
    c:\documents and settings\Dave.COGGER\Application Data\Ezud
    c:\documents and settings\Dave.COGGER\Application Data\Icwega
    c:\documents and settings\Dave.COGGER\Application Data\Kuimx
    
    
    DDS::
    uInternet Settings,ProxyOverride = 127.0.0.1
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [Image: animation of CFScript.txt being dragged onto ComboFix.exe]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  10. davidanthony

    davidanthony TS Rookie Topic Starter Posts: 64

    combo log after CFscript

    ComboFix 10-11-14.01 - Dave 11/15/2010 16:57:56.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.731 [GMT -4:00]
    Running from: c:\documents and settings\Dave.COGGER\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Dave.COGGER\Desktop\CFScript.txt
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Dave.COGGER\Application Data\Ezud
    c:\documents and settings\Dave.COGGER\Application Data\Fydy
    c:\documents and settings\Dave.COGGER\Application Data\Icwega
    c:\documents and settings\Dave.COGGER\Application Data\Kuimx
    c:\documents and settings\Dave.COGGER\Application Data\Quwe
    c:\documents and settings\Dave.COGGER\Application Data\Rewi

    c:\windows\system32\winlogon.exe . . . is infected!!

    c:\windows\explorer.exe . . . is infected!!

    .
    ((((((((((((((((((((((((( Files Created from 2010-10-15 to 2010-11-15 )))))))))))))))))))))))))))))))
    .

    2010-11-15 21:02 . 2010-11-15 21:02 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
    2010-11-14 22:31 . 2010-11-14 22:31 -------- d-----w- c:\documents and settings\Alex.COGGER\Application Data\AVG10
    2010-11-14 22:29 . 2010-11-14 22:29 -------- d-----w- c:\documents and settings\Nic\Application Data\AVG10
    2010-11-14 21:27 . 2010-11-14 21:27 -------- d-----w- c:\documents and settings\admin\Application Data\AVG10
    2010-11-11 12:26 . 2010-11-11 12:26 -------- d-----w- c:\documents and settings\Shelley.COGGER\Local Settings\Application Data\Google
    2010-11-11 04:45 . 2010-11-11 10:52 -------- d-----w- c:\program files\win
    2010-11-11 02:16 . 2010-11-11 02:16 -------- d-----w- c:\documents and settings\Shelley.COGGER\Application Data\AVG10
    2010-11-10 20:43 . 2010-11-10 20:43 -------- d-----w- c:\documents and settings\Jonathan.COGGER\Local Settings\Application Data\Google
    2010-11-08 21:33 . 2010-11-08 21:33 -------- d-----w- c:\documents and settings\Jonathan.COGGER\Application Data\AVG10
    2010-11-05 21:59 . 2010-11-05 21:59 -------- d-----w- C:\$AVG
    2010-11-05 21:56 . 2010-11-05 21:56 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\Common Files
    2010-11-05 21:50 . 2010-11-05 21:50 -------- d-----w- c:\documents and settings\Dave.COGGER\Application Data\AVG10
    2010-11-05 21:27 . 2010-11-14 23:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG10
    2010-11-05 21:09 . 2010-11-05 21:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\MFAData
    2010-11-04 11:42 . 2010-11-05 02:54 -------- d-----w- c:\program files\tmp

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ------- Sigcheck -------

    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
    [-] 2006-02-28 . 97D9234AB9D371B88A9F74A63F6187F9 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

    [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
    [-] 2006-02-28 . 1D79D5D451DA171D76FF06D4607C4B2B . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-11-15_00.02.22 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2004-08-04 10:00 . 2010-11-14 23:48 67312 c:\windows\system32\perfc009.dat
    + 2004-08-04 10:00 . 2010-11-15 20:51 67312 c:\windows\system32\perfc009.dat
    + 2010-11-15 20:48 . 2010-11-15 20:48 21504 c:\windows\Installer\25a50.msi
    + 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
    + 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
    + 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
    + 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ARPPRODUCTICON.exe
    + 2004-08-04 10:00 . 2010-11-15 20:51 432356 c:\windows\system32\perfh009.dat
    - 2004-08-04 10:00 . 2010-11-14 23:48 432356 c:\windows\system32\perfh009.dat
    + 2010-11-15 21:02 . 2010-11-15 21:02 1223680 c:\windows\Installer\ca060.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware.exe" [2010-11-04 2424560]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-10-29 11:20 548352 ----a-w- d:\program files\SASWINLO.DLL

    [HKLM\~\startupfolder\C:^Documents and Settings^Alex.COGGER^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\Alex.COGGER\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Net Assistant.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Net Assistant.lnk
    backup=c:\windows\pss\Net Assistant.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Dave.COGGER^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
    path=c:\documents and settings\Dave.COGGER\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
    backup=c:\windows\pss\Microsoft Find Fast.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Dave.COGGER^Start Menu^Programs^Startup^Office Startup.lnk]
    path=c:\documents and settings\Dave.COGGER\Start Menu\Programs\Startup\Office Startup.lnk
    backup=c:\windows\pss\Office Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]
    2006-11-17 20:42 53341 ------w- c:\program files\Creative\Shared Files\CTSched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    2005-08-08 06:10 16384 ----a-w- c:\windows\CTHELPER.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
    1999-10-11 01:00 41984 ----a-w- c:\windows\Ctregrun.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
    2007-05-30 17:52 868352 ------w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
    2005-08-08 06:10 18944 ----a-w- c:\windows\system32\CTXFIHLP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
    1998-11-30 21:04 497376 ----a-w- c:\windows\p_981116.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2008-12-08 18:50 54576 ----a-w- c:\program files\Hp\HP Software Update\hpwuschd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
    1937-09-16 12:52 438359 ----a-r- c:\progra~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2004-08-04 04:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
    2005-08-08 05:51 25600 ----a-w- c:\windows\MIDIDEF.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-08-20 01:44 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-08-08 01:44 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\new steam\\Steam.exe"=
    "c:\\new steam\\steamapps\\common\\medieval ii total war\\Launcher.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 SASDIFSV;SASDIFSV;d:\program files\SASDIFSV.SYS [8/5/2009 3:06 PM 12872]
    R1 SASKUTIL;SASKUTIL;d:\program files\SASKUTIL.SYS [8/5/2009 3:06 PM 67656]
    R3 LTower;LEGO USB Tower Driver;c:\windows\system32\drivers\LTower.sys [4/16/2010 7:16 PM 36981]
    R3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [5/3/2010 8:10 PM 31872]
    R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [8/4/2009 8:33 PM 28672]
    S2 gupdate1ca17ca51b7a80;Google Update Service (gupdate1ca17ca51b7a80);c:\program files\Google\Update\GoogleUpdate.exe [8/7/2009 9:46 PM 133104]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;"c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe" --> c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [?]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 1:46 AM 171032]
    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 1:46 AM 171032]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 1:46 AM 1324056]
    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 1:46 AM 1324056]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 1:46 AM 72728]
    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 1:46 AM 72728]
    S3 SASENUM;SASENUM;d:\program files\SASENUM.SYS [8/5/2009 3:06 PM 12872]
    S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [3/15/2010 7:25 PM 51840]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-19 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-08 01:44]

    2010-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-08 01:45]

    2010-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-08 01:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = www.aliant.net
    Trusted Zone: aol.com\free
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-15 17:08
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(616)
    d:\program files\SASWINLO.DLL
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-11-15 17:09:49
    ComboFix-quarantined-files.txt 2010-11-15 21:09
    ComboFix2.txt 2010-11-15 00:03

    Pre-Run: 18,906,468,352 bytes free
    Post-Run: 18,835,148,800 bytes free

    - - End Of File - - AE0220E94433923D8BF91B0984CD5651
     
  11. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    We still have those two Windows files infected. Let's see if we can find replacements.
    Do you have Windows XP CD?

    Download OTL to your Desktop.

    Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

    Use the following settings:

    • Check Scan All Users.
    • For Processes choose none.
    • For Modules choose none.
    • For Services choose none.
    • For Drivers choose none.
    • For Standard Registry choose none.
    • For Extra Registry choose none.
    • For Files Created Within choose none.
    • For Files Modified Within choose none.
    • Under Custom Scans/Fixes paste:
    Code:
    /md5start
    winlogon.exe
    explorer.exe
    /md5stop
    • Finally hit Run Scan and wait for the log to open.
    • Please post the content of the log into your next reply.
     
     
  12. davidanthony

    davidanthony TS Rookie Topic Starter Posts: 64

    OTL log

    OTL logfile created on: 11/15/2010 8:47:15 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Dave.COGGER\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 670.00 Mb Available Physical Memory | 66.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 17.56 Gb Free Space | 23.57% Space Free | Partition Type: NTFS
    Drive D: | 186.31 Gb Total Space | 47.38 Gb Free Space | 25.43% Space Free | Partition Type: NTFS
    Drive F: | 1001.26 Mb Total Space | 376.35 Mb Free Space | 37.59% Space Free | Partition Type: FAT32

    Computer Name: COGGER | User Name: Dave | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Custom Scans ==========



    < MD5 for: EXPLORER.EXE >
    [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
    [2006/02/28 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=1D79D5D451DA171D76FF06D4607C4B2B -- C:\WINDOWS\explorer.exe

    < MD5 for: WINLOGON.EXE >
    [2006/02/28 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=97D9234AB9D371B88A9F74A63F6187F9 -- C:\WINDOWS\system32\winlogon.exe
    [2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe

    < End of report >
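
Added example, not part of the original thread: a Python parser for the `/md5start` section of an OTL log like the one above, comparing every extra copy of a file against the live system copy. The live paths are the two files ComboFix flagged earlier in the thread; the function names and the three verdict labels are this example's own.

```python
import ntpath
import re

# The four MD5 lines from the OTL log posted above, copied verbatim.
OTL_LOG = r"""
< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2006/02/28 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=1D79D5D451DA171D76FF06D4607C4B2B -- C:\WINDOWS\explorer.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=97D9234AB9D371B88A9F74A63F6187F9 -- C:\WINDOWS\system32\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
"""

# The copies Windows actually runs; both were reported as infected by ComboFix.
LIVE_PATHS = [r"C:\WINDOWS\explorer.exe", r"C:\WINDOWS\system32\winlogon.exe"]

# [date time | size | attributes | flag] (company) MD5=<hash> -- <path>
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| \w\]"
    r" \((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


def parse_otl_md5(text):
    """Return one record per MD5 line; section headers and blanks are skipped."""
    records = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        path = m["path"].strip()
        records.append({
            "path": path,
            # ntpath splits Windows paths correctly on any host OS.
            "name": ntpath.basename(path).lower(),
            "size": int(m["size"].replace(",", "")),
            "md5": m["md5"].upper(),
            "mtime": m["mtime"],
            # The same string appears on all four lines above, flagged files
            # included, so it does not separate clean from infected copies.
            "company": m["company"],
        })
    return records


def classify(live, other):
    """Compare another copy of a file against the live one."""
    if live["md5"] == other["md5"]:
        return "identical"
    if live["size"] == other["size"]:
        # Same length, different content: the case to investigate first.
        return "same-size-different-hash"
    # Different length usually means a different build (for example another
    # service pack), so the hashes cannot be compared directly.
    return "different-build"


def compare_to_live(records, live_paths):
    """Return (file name, candidate path, verdict) for every non-live copy."""
    live_set = {p.lower() for p in live_paths}
    live = {r["name"]: r for r in records if r["path"].lower() in live_set}
    findings = []
    for r in records:
        if r["path"].lower() in live_set:
            continue
        base = live.get(r["name"])
        verdict = classify(base, r) if base else "no-live-copy-listed"
        findings.append((r["name"], r["path"], verdict))
    return findings


if __name__ == "__main__":
    for name, path, verdict in compare_to_live(parse_otl_md5(OTL_LOG), LIVE_PATHS):
        print(f"{name:14} {verdict:26} {path}")
```

On the log above both candidate copies come back as `different-build`, so the hashes alone neither confirm nor rule out tampering and each candidate still needs an independent check before it is used as a replacement.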
     
  13. Broni

    Broni Malware Annihilator Posts: 47,704   +268

     
  14. davidanthony

    davidanthony TS Rookie Topic Starter Posts: 64

    Yes Win XP Home Ed.
     
  15. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Good.
    Let's double check something...

    Open Windows Explorer. Go to Tools > Folder Options > View tab and put a checkmark next to Show hidden files and folders.
    Upload the following files to http://www.virustotal.com/ for a security check:
    - C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
    - C:\WINDOWS\explorer.exe
    - C:\WINDOWS\system32\winlogon.exe
    - C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
    IMPORTANT! If the file is listed as already analyzed, click on the Reanalyse file now button.
    Post scan results.
     
  16. davidanthony

    davidanthony TS Rookie Topic Starter Posts: 64

    File name:
    winlogon.exe
    Submission date:
    2010-11-16 01:31:38 (UTC)
    Current status:
    queued queued analysing finished
    Result:
    0/ 43 (0.0%)
     
  17. davidanthony

    davidanthony TS Rookie Topic Starter Posts: 64

    File name:
    explorer.exe
    Submission date:
    2010-11-16 01:39:56 (UTC)
    Current status:
    queued (#6) queued (#6) analysing finished
    Result:
    0/ 43 (0.0%)
     
  18. davidanthony

    davidanthony TS Rookie Topic Starter Posts: 64

    C:\WINDOWS\explorer.exe: when I tried to upload this file to VT, it tried to upload and then went back
    to the upload window [browse].

    When I opened the file above to check its properties, the PC hung and the desktop icons disappeared.
     
  19. davidanthony

    davidanthony TS Rookie Topic Starter Posts: 64

    The explorer.exe that passed the analysis is the one located under s/w dist.
     
  20. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    OK, good.
    Let's try to replace both files...

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe | C:\WINDOWS\explorer.exe
    C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe | C:\WINDOWS\system32\winlogon.exe
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [Image: animation of CFScript.txt being dragged onto ComboFix.exe]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  21. davidanthony

    davidanthony TS Rookie Topic Starter Posts: 64

    Same with winlogon.exe, I couldn't u/l it to VT.
     
  22. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Follow my previous reply, if you didn't notice it.
     
  23. davidanthony

    davidanthony TS Rookie Topic Starter Posts: 64

    ComboFix 10-11-14.01 - Dave 11/15/2010 22:10:40.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.735 [GMT -4:00]
    Running from: c:\documents and settings\Dave.COGGER\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Dave.COGGER\Desktop\CFScript.txt
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\TEMP\explorer.dat

    c:\windows\system32\winlogon.exe . . . is infected!!

    c:\windows\explorer.exe . . . is infected!!

    .
    --------------- FCopy ---------------

    c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe --> c:\windows\explorer.exe
    c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe --> c:\windows\system32\winlogon.exe
    .
    ((((((((((((((((((((((((( Files Created from 2010-10-16 to 2010-11-16 )))))))))))))))))))))))))))))))
    .

    2010-11-16 01:53 . 2010-11-16 01:53 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Temp
    2010-11-15 21:02 . 2010-11-15 21:02 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
    2010-11-14 22:31 . 2010-11-14 22:31 -------- d-----w- c:\documents and settings\Alex.COGGER\Application Data\AVG10
    2010-11-14 22:29 . 2010-11-14 22:29 -------- d-----w- c:\documents and settings\Nic\Application Data\AVG10
    2010-11-14 21:27 . 2010-11-14 21:27 -------- d-----w- c:\documents and settings\admin\Application Data\AVG10
    2010-11-11 12:26 . 2010-11-11 12:26 -------- d-----w- c:\documents and settings\Shelley.COGGER\Local Settings\Application Data\Google
    2010-11-11 04:45 . 2010-11-11 10:52 -------- d-----w- c:\program files\win
    2010-11-11 02:16 . 2010-11-11 02:16 -------- d-----w- c:\documents and settings\Shelley.COGGER\Application Data\AVG10
    2010-11-10 20:43 . 2010-11-10 20:43 -------- d-----w- c:\documents and settings\Jonathan.COGGER\Local Settings\Application Data\Google
    2010-11-08 21:33 . 2010-11-08 21:33 -------- d-----w- c:\documents and settings\Jonathan.COGGER\Application Data\AVG10
    2010-11-05 21:59 . 2010-11-05 21:59 -------- d-----w- C:\$AVG
    2010-11-05 21:56 . 2010-11-05 21:56 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\Common Files
    2010-11-05 21:50 . 2010-11-05 21:50 -------- d-----w- c:\documents and settings\Dave.COGGER\Application Data\AVG10
    2010-11-05 21:27 . 2010-11-14 23:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG10
    2010-11-05 21:09 . 2010-11-05 21:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\MFAData
    2010-11-04 11:42 . 2010-11-05 02:54 -------- d-----w- c:\program files\tmp

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ------- Sigcheck -------

    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
    [-] 2008-04-14 . 548E23C88C1FD9032CEA2A4B46DD6FD7 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

    [-] 2008-04-14 . 4494E27ADDA19F923B454B4F94D03E8B . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-11-15_00.02.22 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2004-08-04 10:00 . 2010-11-14 23:48 67312 c:\windows\system32\perfc009.dat
    + 2004-08-04 10:00 . 2010-11-16 02:01 67312 c:\windows\system32\perfc009.dat
    + 2010-11-15 20:48 . 2010-11-15 20:48 21504 c:\windows\Installer\25a50.msi
    + 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
    + 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
    + 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
    + 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ARPPRODUCTICON.exe
    + 2004-08-04 10:00 . 2010-11-16 02:01 432356 c:\windows\system32\perfh009.dat
    - 2004-08-04 10:00 . 2010-11-14 23:48 432356 c:\windows\system32\perfh009.dat
    + 2010-11-15 21:02 . 2010-11-15 21:02 1223680 c:\windows\Installer\ca060.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware.exe" [2010-11-04 2424560]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-10-29 11:20 548352 ----a-w- d:\program files\SASWINLO.DLL

    [HKLM\~\startupfolder\C:^Documents and Settings^Alex.COGGER^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\Alex.COGGER\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Net Assistant.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Net Assistant.lnk
    backup=c:\windows\pss\Net Assistant.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Dave.COGGER^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
    path=c:\documents and settings\Dave.COGGER\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
    backup=c:\windows\pss\Microsoft Find Fast.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Dave.COGGER^Start Menu^Programs^Startup^Office Startup.lnk]
    path=c:\documents and settings\Dave.COGGER\Start Menu\Programs\Startup\Office Startup.lnk
    backup=c:\windows\pss\Office Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]
    2006-11-17 20:42 53341 ------w- c:\program files\Creative\Shared Files\CTSched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    2005-08-08 06:10 16384 ----a-w- c:\windows\CTHELPER.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
    1999-10-11 01:00 41984 ----a-w- c:\windows\Ctregrun.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
    2007-05-30 17:52 868352 ------w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
    2005-08-08 06:10 18944 ----a-w- c:\windows\system32\CTXFIHLP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
    1998-11-30 21:04 497376 ----a-w- c:\windows\p_981116.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2008-12-08 18:50 54576 ----a-w- c:\program files\Hp\HP Software Update\hpwuschd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
    1937-09-16 12:52 438359 ----a-r- c:\progra~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2004-08-04 04:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
    2005-08-08 05:51 25600 ----a-w- c:\windows\MIDIDEF.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-08-20 01:44 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-08-08 01:44 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\new steam\\Steam.exe"=
    "c:\\new steam\\steamapps\\common\\medieval ii total war\\Launcher.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 SASDIFSV;SASDIFSV;d:\program files\SASDIFSV.SYS [8/5/2009 3:06 PM 12872]
    R1 SASKUTIL;SASKUTIL;d:\program files\SASKUTIL.SYS [8/5/2009 3:06 PM 67656]
    R3 LTower;LEGO USB Tower Driver;c:\windows\system32\drivers\LTower.sys [4/16/2010 7:16 PM 36981]
    R3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [5/3/2010 8:10 PM 31872]
    R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [8/4/2009 8:33 PM 28672]
    S2 gupdate1ca17ca51b7a80;Google Update Service (gupdate1ca17ca51b7a80);c:\program files\Google\Update\GoogleUpdate.exe [8/7/2009 9:46 PM 133104]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;"c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe" --> c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [?]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 1:46 AM 171032]
    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 1:46 AM 171032]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 1:46 AM 1324056]
    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 1:46 AM 1324056]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 1:46 AM 72728]
    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 1:46 AM 72728]
    S3 SASENUM;SASENUM;d:\program files\SASENUM.SYS [8/5/2009 3:06 PM 12872]
    S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [3/15/2010 7:25 PM 51840]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-19 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-08 01:44]

    2010-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-08 01:45]

    2010-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-08 01:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = www.aliant.net
    uInternet Settings,ProxyOverride = 127.0.0.1
    Trusted Zone: aol.com\free
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-15 22:19
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(616)
    d:\program files\SASWINLO.DLL
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-11-15 22:20:39
    ComboFix-quarantined-files.txt 2010-11-16 02:20
    ComboFix2.txt 2010-11-15 21:09
    ComboFix3.txt 2010-11-15 00:03

    Pre-Run: 18,818,617,344 bytes free
    Post-Run: 18,806,534,144 bytes free

    - - End Of File - - 526B43D5BB0343E6EE763CF4D72B0133
     
  24. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Delete your ComboFix file, download a fresh one and post a new log.
     
  25. davidanthony

    davidanthony TS Rookie Topic Starter Posts: 64

    ComboFix 10-11-15.06 - Dave 11/16/2010 7:39.4.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.673 [GMT -4:00]
    Running from: F:\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\winlogon.exe . . . is infected!!

    c:\windows\explorer.exe . . . is infected!!

    .
    ((((((((((((((((((((((((( Files Created from 2010-10-16 to 2010-11-16 )))))))))))))))))))))))))))))))
    .

    2010-11-16 01:53 . 2010-11-16 01:53 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Temp
    2010-11-14 22:31 . 2010-11-14 22:31 -------- d-----w- c:\documents and settings\Alex.COGGER\Application Data\AVG10
    2010-11-14 22:29 . 2010-11-14 22:29 -------- d-----w- c:\documents and settings\Nic\Application Data\AVG10
    2010-11-14 21:27 . 2010-11-14 21:27 -------- d-----w- c:\documents and settings\admin\Application Data\AVG10
    2010-11-11 12:26 . 2010-11-11 12:26 -------- d-----w- c:\documents and settings\Shelley.COGGER\Local Settings\Application Data\Google
    2010-11-11 04:45 . 2010-11-11 10:52 -------- d-----w- c:\program files\win
    2010-11-11 02:16 . 2010-11-11 02:16 -------- d-----w- c:\documents and settings\Shelley.COGGER\Application Data\AVG10
    2010-11-10 20:43 . 2010-11-10 20:43 -------- d-----w- c:\documents and settings\Jonathan.COGGER\Local Settings\Application Data\Google
    2010-11-08 21:33 . 2010-11-08 21:33 -------- d-----w- c:\documents and settings\Jonathan.COGGER\Application Data\AVG10
    2010-11-05 21:59 . 2010-11-05 21:59 -------- d-----w- C:\$AVG
    2010-11-05 21:56 . 2010-11-05 21:56 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\Common Files
    2010-11-05 21:50 . 2010-11-05 21:50 -------- d-----w- c:\documents and settings\Dave.COGGER\Application Data\AVG10
    2010-11-05 21:27 . 2010-11-14 23:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG10
    2010-11-05 21:09 . 2010-11-05 21:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\MFAData
    2010-11-04 11:42 . 2010-11-05 02:54 -------- d-----w- c:\program files\tmp

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ------- Sigcheck -------

    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
    [-] 2008-04-14 . 548E23C88C1FD9032CEA2A4B46DD6FD7 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

    [-] 2008-04-14 . 4494E27ADDA19F923B454B4F94D03E8B . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-11-15_00.02.22 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2004-08-04 10:00 . 2010-11-14 23:48 67312 c:\windows\system32\perfc009.dat
    + 2004-08-04 10:00 . 2010-11-16 02:01 67312 c:\windows\system32\perfc009.dat
    + 2010-11-15 20:48 . 2010-11-15 20:48 21504 c:\windows\Installer\25a50.msi
    + 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
    + 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
    + 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
    + 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ARPPRODUCTICON.exe
    + 2004-08-04 10:00 . 2010-11-16 02:01 432356 c:\windows\system32\perfh009.dat
    - 2004-08-04 10:00 . 2010-11-14 23:48 432356 c:\windows\system32\perfh009.dat
    + 2010-11-15 21:02 . 2010-11-15 21:02 1223680 c:\windows\Installer\ca060.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware.exe" [2010-11-04 2424560]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-10-29 11:20 548352 ----a-w- d:\program files\SASWINLO.DLL

    [HKLM\~\startupfolder\C:^Documents and Settings^Alex.COGGER^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\Alex.COGGER\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Net Assistant.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Net Assistant.lnk
    backup=c:\windows\pss\Net Assistant.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Dave.COGGER^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
    path=c:\documents and settings\Dave.COGGER\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
    backup=c:\windows\pss\Microsoft Find Fast.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Dave.COGGER^Start Menu^Programs^Startup^Office Startup.lnk]
    path=c:\documents and settings\Dave.COGGER\Start Menu\Programs\Startup\Office Startup.lnk
    backup=c:\windows\pss\Office Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]
    2006-11-17 20:42 53341 ------w- c:\program files\Creative\Shared Files\CTSched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    2005-08-08 06:10 16384 ----a-w- c:\windows\CTHELPER.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
    1999-10-11 01:00 41984 ----a-w- c:\windows\Ctregrun.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
    2007-05-30 17:52 868352 ------w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
    2005-08-08 06:10 18944 ----a-w- c:\windows\system32\CTXFIHLP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
    1998-11-30 21:04 497376 ----a-w- c:\windows\p_981116.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2008-12-08 18:50 54576 ----a-w- c:\program files\Hp\HP Software Update\hpwuschd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
    1937-09-16 12:52 438359 ----a-r- c:\progra~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2004-08-04 04:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
    2005-08-08 05:51 25600 ----a-w- c:\windows\MIDIDEF.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-08-20 01:44 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-08-08 01:44 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\new steam\\Steam.exe"=
    "c:\\new steam\\steamapps\\common\\medieval ii total war\\Launcher.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 SASDIFSV;SASDIFSV;d:\program files\SASDIFSV.SYS [8/5/2009 3:06 PM 12872]
    R1 SASKUTIL;SASKUTIL;d:\program files\SASKUTIL.SYS [8/5/2009 3:06 PM 67656]
    R3 LTower;LEGO USB Tower Driver;c:\windows\system32\drivers\LTower.sys [4/16/2010 7:16 PM 36981]
    R3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [5/3/2010 8:10 PM 31872]
    R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [8/4/2009 8:33 PM 28672]
    S2 gupdate1ca17ca51b7a80;Google Update Service (gupdate1ca17ca51b7a80);c:\program files\Google\Update\GoogleUpdate.exe [8/7/2009 9:46 PM 133104]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;"c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe" --> c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [?]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 1:46 AM 171032]
    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 1:46 AM 171032]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 1:46 AM 1324056]
    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 1:46 AM 1324056]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 1:46 AM 72728]
    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 1:46 AM 72728]
    S3 SASENUM;SASENUM;d:\program files\SASENUM.SYS [8/5/2009 3:06 PM 12872]
    S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [3/15/2010 7:25 PM 51840]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-19 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-08 01:44]

    2010-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-08 01:45]

    2010-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-08 01:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = www.aliant.net
    uInternet Settings,ProxyOverride = 127.0.0.1
    Trusted Zone: aol.com\free
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-16 07:44
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(616)
    d:\program files\SASWINLO.DLL
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-11-16 07:46:21
    ComboFix-quarantined-files.txt 2010-11-16 11:46
    ComboFix2.txt 2010-11-16 02:20
    ComboFix3.txt 2010-11-15 21:09
    ComboFix4.txt 2010-11-15 00:03

    Pre-Run: 18,673,057,792 bytes free
    Post-Run: 18,662,346,752 bytes free

    - - End Of File - - 49DDCC66F066E8276A303CE570CAC94F
     
Topic Status:
Not open for further replies.

