Solved Google redirect.

davidanthony · Nov 14, 2010

HI,
Appreciate any help getting rid of the google redirect virus here are my logs after going through the 8 step procedure you asked for.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 3/22/2010 10:56:05 PM
System Uptime: 11/14/2010 10:29:49 AM (0 hours ago)

Motherboard: | | 939Dual-SATA2
Processor: AMD Athlon(tm) 64 Processor 3500+ | CPUSocket | 2200/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 17.425 GiB free.
D: is FIXED (NTFS) - 186 GiB total, 47.38 GiB free.
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 5.0 Limited Edition
Adobe Reader 9.1
Aion
Apple Application Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
ATI Parental Control & Encoder
ATI Problem Report Wizard
AudibleManager
AVG 2011
AVIVO Codecs
Canon PhotoRecord
Canon S820
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
Counter-Strike: Source
Creative Audio Control Panel
Creative MediaSource
Creative Software AutoUpdate
Exploration Mars
Express Burn
Garmin USB Drivers
Garmin WebUpdater
GetDataBack for NTFS
Google Chrome
Google Earth
Google Update Helper
Google Updater
Hearts of Iron III
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Update
Java(TM) 6 Update 15
LEGO Cam
LimeWire 5.2.13
Malwarebytes' Anti-Malware
MapSource
MapSource - Topo Canada v2
Medieval II: Total War
Medieval II: Total War - Kingdoms
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 97, Professional Edition
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MP3 Player Recovery Tool
MSN
MSVCRT
MSXML 6 Service Pack 2 (KB973686)
NCsoft Launcher
Net Assistant
OpenAL
PC Inspector File Recovery
QuickTime
RealPlayer 7 Basic
RegCure 1.6.0.0
Robotics Invention System 2.0
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Segoe UI
Skype Toolbars
Skype™ 4.2
Sound Blaster X-Fi
Steam
SUPERAntiSpyware Free Edition
Triptych
ULi LAN Driver
ULi M5289 SATA Driver
Unlocker 1.8.7
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB925720)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Vision Command
WebFldrs XP
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
ZEN V Series Media Explorer

==== End Of File ===========================

DDS (Ver_10-11-10.01) - NTFSx86
Run by Dave at 10:42:37.01 on Sun 11/14/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.587 [GMT -4:00]

AV: AVG Anti-Virus Free Edition 2011 *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dave.COGGER\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.aliant.net
uInternet Settings,ProxyOverride = 127.0.0.1
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SUPERAntiSpyware] d:\program files\SUPERAntiSpyware.exe
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mPolicies-system: EnableLUA = 0 (0x0)
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: aol.com\free
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - d:\program files\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]
R1 SASDIFSV;SASDIFSV;d:\program files\SASDIFSV.SYS [2009-8-5 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\SASKUTIL.SYS [2009-8-5 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-10-11 6104656]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 LTower;LEGO USB Tower Driver;c:\windows\system32\drivers\LTower.sys [2010-4-16 36981]
R3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2010-5-3 31872]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2009-8-4 28672]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;"c:\program files\common files\creative labs shared\service\ctaelicensing.exe" --> c:\program files\common files\creative labs shared\service\CTAELicensing.exe [?]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 SASENUM;SASENUM;d:\program files\SASENUM.SYS [2009-8-5 12872]
S4 gupdate1ca17ca51b7a80;Google Update Service (gupdate1ca17ca51b7a80);c:\program files\google\update\GoogleUpdate.exe [2009-8-7 133104]
S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2010-3-15 51840]

=============== Created Last 30 ================

2010-11-11 04:45:52 -------- d-----w- c:\program files\win
2010-11-05 21:59:31 -------- d--h--w- C:\$AVG
2010-11-05 21:56:42 -------- d--h--w- c:\docume~1\alluse~1.win\applic~1\Common Files
2010-11-05 21:50:49 -------- d-----w- c:\docume~1\dave~1.cog\applic~1\AVG10
2010-11-05 21:27:10 -------- d-----w- c:\windows\system32\drivers\AVG
2010-11-05 21:27:10 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\AVG10
2010-11-05 21:09:35 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\MFAData
2010-11-05 13:01:04 -------- d-----w- c:\docume~1\dave~1.cog\applic~1\Rewi
2010-11-05 13:01:04 -------- d-----w- c:\docume~1\dave~1.cog\applic~1\Fydy
2010-11-05 02:53:09 -------- d-----w- c:\docume~1\dave~1.cog\applic~1\Quwe
2010-11-05 02:53:09 -------- d-----w- c:\docume~1\dave~1.cog\applic~1\Ezud
2010-11-04 11:42:05 -------- d-----w- c:\program files\tmp
2010-11-03 01:01:09 -------- d-----w- c:\docume~1\dave~1.cog\applic~1\Kuimx
2010-11-03 01:01:09 -------- d-----w- c:\docume~1\dave~1.cog\applic~1\Icwega
2010-11-03 01:01:04 -------- d-----w- c:\program files\windows

==================== Find3M ====================

============= FINISH: 10:43:46.62 ===============

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-14 10:39:33
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-f ST380011A rev.3.06
Running: p7x72zpu.exe; Driver: C:\DOCUME~1\DAVE~1.COG\LOCALS~1\Temp\uftdqpod.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5111

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

11/14/2010 10:19:15 AM
mbam-log-2010-11-14 (10-19-15).txt

Scan type: Quick scan
Objects scanned: 277852
Time elapsed: 21 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Startup\lusaru.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jonathan.COGGER\Start Menu\Programs\Startup\wuade.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nic\Start Menu\Programs\Startup\xoekto.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shelley.COGGER\Start Menu\Programs\Startup\afpeil.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dave.COGGER\Application Data\dkfjasdfshd.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.

Good Luck!
Thanks in advance...

Broni · Nov 14, 2010

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running tools or applying updates other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

davidanthony · Nov 14, 2010

Thanks for the quick response.

Here is the MBR log.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 132):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806CE000 \WINDOWS\system32\hal.dll
0xF7ADC000 \WINDOWS\system32\KDCOM.DLL
0xF79EC000 \WINDOWS\system32\BOOTVID.dll
0xF74AD000 ACPI.sys
0xF7ADE000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF749C000 pci.sys
0xF75DC000 isapnp.sys
0xF7AE0000 aliide.sys
0xF785C000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF75EC000 MountMgr.sys
0xF747D000 ftdisk.sys
0xF7864000 PartMgr.sys
0xF75FC000 VolSnap.sys
0xF7465000 atapi.sys
0xF786C000 cercsr6.sys
0xF744D000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF760C000 disk.sys
0xF761C000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF742E000 fltMgr.sys
0xF741C000 sr.sys
0xF7405000 KSecDD.sys
0xF73F2000 WudfPf.sys
0xF7365000 Ntfs.sys
0xF7338000 NDIS.sys
0xF731D000 Mup.sys
0xF7874000 avgrkx86.sys
0xF762C000 AVGIDSEH.Sys
0xF765C000 \SystemRoot\system32\DRIVERS\processr.sys
0xF7145000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF7131000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF70C5000 \SystemRoot\system32\drivers\ctaud2k.sys
0xF70A1000 \SystemRoot\system32\drivers\portcls.sys
0xF766C000 \SystemRoot\system32\drivers\drmk.sys
0xF707E000 \SystemRoot\system32\drivers\ks.sys
0xF704C000 \SystemRoot\system32\drivers\ctoss2k.sys
0xF78A4000 \SystemRoot\system32\drivers\ctprxy2k.sys
0xF78B4000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF7038000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7A78000 \SystemRoot\system32\DRIVERS\gameenum.sys
0xF767C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF78BC000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF78C4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF768C000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7A80000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF78D4000 \SystemRoot\system32\DRIVERS\ULILAN51.SYS
0xF769C000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF76AC000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76BC000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF78F4000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF6FED000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78FC000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7C8F000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF76CC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7A94000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6FD6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76DC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF76EC000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF791C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6FC5000 \SystemRoot\system32\DRIVERS\psched.sys
0xF76FC000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF792C000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF793C000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF770C000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7AE6000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6F91000 \SystemRoot\system32\DRIVERS\update.sys
0xF7AA8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF771C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7AEA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF772C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA64F0000 \SystemRoot\system32\drivers\ha20x2k.sys
0xA64C3000 \SystemRoot\system32\drivers\emupia2k.sys
0xA649C000 \SystemRoot\system32\drivers\ctsfm2k.sys
0xA6400000 \SystemRoot\system32\drivers\ctac32k.sys
0xF7954000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF779C000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0xF7AF4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7CED000 \SystemRoot\System32\Drivers\Null.SYS
0xF7AF8000 \SystemRoot\System32\Drivers\Beep.SYS
0xF796C000 \SystemRoot\System32\drivers\vga.sys
0xF7AFC000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B00000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF797C000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF798C000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7A64000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA63CD000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA6375000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA632D000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0xA630C000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF77AC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF79A4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF79B4000 \SystemRoot\system32\DRIVERS\OVCE.sys
0xF77BC000 \SystemRoot\system32\DRIVERS\OVCAM2.sys
0xF77CC000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xA628E000 \SystemRoot\system32\DRIVERS\OVCODEK2.sys
0xA6266000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF79DC000 \SystemRoot\system32\drivers\OVSound2.sys
0xA6244000 \SystemRoot\System32\drivers\afd.sys
0xF77DC000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA6222000 \??\D:\Program Files\SASKUTIL.sys
0xF77EC000 \SystemRoot\System32\Drivers\LTower.sys
0xF7894000 \??\D:\Program Files\SASDIFSV.SYS
0xA6156000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA60E7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF77FC000 \SystemRoot\System32\Drivers\Fips.SYS
0xA60AB000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0xF783C000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA601B000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B1C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA6097000 \SystemRoot\System32\drivers\Dxapi.sys
0xF790C000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7CF1000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA3A7E000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7AE4000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA3D5B000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0xA3C7B000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0xA393E000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0xA382B000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA33DE000 \SystemRoot\system32\drivers\wdmaud.sys
0xA3783000 \SystemRoot\system32\drivers\sysaudio.sys
0xF79BC000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xA308F000 \SystemRoot\system32\drivers\kmixer.sys
0xBFF50000 \SystemRoot\System32\TSDDD.dll
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF055000 \SystemRoot\System32\ati2cqag.dll
0xBF09C000 \SystemRoot\System32\atikvmag.dll
0xBF0E2000 \SystemRoot\System32\ati3duag.dll
0xBF32D000 \SystemRoot\System32\ativvaxx.dll
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 42):
0 System Idle Process
4 System
540 C:\WINDOWS\system32\smss.exe
572 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
748 csrss.exe
792 C:\WINDOWS\system32\winlogon.exe
864 C:\WINDOWS\system32\services.exe
884 C:\WINDOWS\system32\lsass.exe
1060 C:\WINDOWS\system32\ati2evxx.exe
1108 C:\WINDOWS\system32\svchost.exe
1208 svchost.exe
1308 C:\WINDOWS\system32\svchost.exe
1364 C:\WINDOWS\system32\svchost.exe
1400 C:\WINDOWS\system32\ati2evxx.exe
1496 svchost.exe
1612 svchost.exe
1668 C:\WINDOWS\system32\spoolsv.exe
1804 svchost.exe
1836 C:\Program Files\AVG\AVG10\avgwdsvc.exe
1888 C:\WINDOWS\system32\svchost.exe
1904 wdfmgr.exe
1984 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
836 C:\Program Files\AVG\AVG10\avgnsx.exe
892 C:\Program Files\AVG\AVG10\avgemcx.exe
984 alg.exe
2732 C:\WINDOWS\system32\wscntfy.exe
2868 C:\WINDOWS\explorer.exe
3056 C:\Program Files\AVG\AVG10\avgtray.exe
3144 D:\Program Files\SUPERANTISPYWARE.EXE
3436 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
3864 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
3900 C:\Program Files\AVG\AVG10\avgcsrvx.exe
2632 csrss.exe
3916 C:\WINDOWS\system32\winlogon.exe
1436 C:\WINDOWS\system32\ati2evxx.exe
2172 explorer.exe
2232 wscntfy.exe
268 avgtray.exe
2344 msnmsgr.exe
2340 AVGIDSMonitor.exe
2596 rundll32.exe
396 C:\Documents and Settings\Dave.COGGER\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST380011A, Rev: 3.06
PhysicalDrive1 Model Number: ST3200826A, Rev: 3.03

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
186 GB \\.\PhysicalDrive1 Legit MBR code detected
SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495

Done!

Broni · Nov 14, 2010

Looks good

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

davidanthony · Nov 14, 2010

combo log

Here is the log for combo...

ComboFix 10-11-14.01 - Dave 11/14/2010 19:56:43.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.704 [GMT -4:00]
Running from: c:\documents and settings\Dave.COGGER\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dave.COGGER\Application Data\completescan
c:\documents and settings\Dave.COGGER\Application Data\install
c:\documents and settings\Dave.COGGER\patriot tickets info .txt
c:\documents and settings\Jonathan.COGGER\Application Data\.#
c:\documents and settings\Jonathan.COGGER\Application Data\Baweb
c:\documents and settings\Jonathan.COGGER\Application Data\Baweb\esevy.exe
c:\program files\Mozilla Firefox\extensions\{0170ED98-2070-4F36-8F32-39A9C582C255}
c:\program files\Mozilla Firefox\extensions\{0170ED98-2070-4F36-8F32-39A9C582C255}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{0170ED98-2070-4F36-8F32-39A9C582C255}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{0170ED98-2070-4F36-8F32-39A9C582C255}\install.rdf
c:\program files\Mozilla Firefox\extensions\{03FF7EC8-BBBE-45A9-A962-F391FFE86908}
c:\program files\Mozilla Firefox\extensions\{03FF7EC8-BBBE-45A9-A962-F391FFE86908}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{03FF7EC8-BBBE-45A9-A962-F391FFE86908}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{03FF7EC8-BBBE-45A9-A962-F391FFE86908}\install.rdf
c:\program files\Mozilla Firefox\extensions\{0513B74D-B20D-4D0E-BC0E-E9C4159315DC}
c:\program files\Mozilla Firefox\extensions\{0513B74D-B20D-4D0E-BC0E-E9C4159315DC}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{0513B74D-B20D-4D0E-BC0E-E9C4159315DC}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{0513B74D-B20D-4D0E-BC0E-E9C4159315DC}\install.rdf
c:\program files\Mozilla Firefox\extensions\{07EF6850-BA69-40F6-A769-33E145D6AA54}
c:\program files\Mozilla Firefox\extensions\{07EF6850-BA69-40F6-A769-33E145D6AA54}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{07EF6850-BA69-40F6-A769-33E145D6AA54}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{07EF6850-BA69-40F6-A769-33E145D6AA54}\install.rdf
c:\program files\Mozilla Firefox\extensions\{0833E029-50E9-4440-9320-ED665044B9E0}
c:\program files\Mozilla Firefox\extensions\{0833E029-50E9-4440-9320-ED665044B9E0}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{0833E029-50E9-4440-9320-ED665044B9E0}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{0833E029-50E9-4440-9320-ED665044B9E0}\install.rdf
c:\program files\Mozilla Firefox\extensions\{0BD4410C-446A-46E9-9637-FB5F570F897B}
c:\program files\Mozilla Firefox\extensions\{0BD4410C-446A-46E9-9637-FB5F570F897B}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{0BD4410C-446A-46E9-9637-FB5F570F897B}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{0BD4410C-446A-46E9-9637-FB5F570F897B}\install.rdf
c:\program files\Mozilla Firefox\extensions\{12AA9BA7-8CA8-4D33-941F-B397993807A2}
c:\program files\Mozilla Firefox\extensions\{12AA9BA7-8CA8-4D33-941F-B397993807A2}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{12AA9BA7-8CA8-4D33-941F-B397993807A2}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{12AA9BA7-8CA8-4D33-941F-B397993807A2}\install.rdf
c:\program files\Mozilla Firefox\extensions\{1361CE0A-2262-49A4-974D-01726A31D593}
c:\program files\Mozilla Firefox\extensions\{1361CE0A-2262-49A4-974D-01726A31D593}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{1361CE0A-2262-49A4-974D-01726A31D593}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{1361CE0A-2262-49A4-974D-01726A31D593}\install.rdf
c:\program files\Mozilla Firefox\extensions\{154FA6F5-4E12-4D53-8418-0765B938859F}

davidanthony · Nov 14, 2010

combo log part 2

-4D53-8418-0765B938859F}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{154FA6F5-4E12-4D53-8418-0765B938859F}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{154FA6F5-4E12-4D53-8418-0765B938859F}\install.rdf
c:\program files\Mozilla Firefox\extensions\{157DC98A-0EEC-446D-A692-769C5F39A644}
c:\program files\Mozilla Firefox\extensions\{157DC98A-0EEC-446D-A692-769C5F39A644}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{157DC98A-0EEC-446D-A692-769C5F39A644}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{157DC98A-0EEC-446D-A692-769C5F39A644}\install.rdf
c:\program files\Mozilla Firefox\extensions\{19B0C58E-BAFD-4BC9-861B-64CBBA253A25}
c:\program files\Mozilla Firefox\extensions\{19B0C58E-BAFD-4BC9-861B-64CBBA253A25}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{19B0C58E-BAFD-4BC9-861B-64CBBA253A25}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{19B0C58E-BAFD-4BC9-861B-64CBBA253A25}\install.rdf
c:\program files\Mozilla Firefox\extensions\{1AEEDFE3-F12D-4373-B6A3-E3F3A7845F29}
c:\program files\Mozilla Firefox\extensions\{1AEEDFE3-F12D-4373-B6A3-E3F3A7845F29}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{1AEEDFE3-F12D-4373-B6A3-E3F3A7845F29}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{1AEEDFE3-F12D-4373-B6A3-E3F3A7845F29}\install.rdf
c:\program files\Mozilla Firefox\extensions\{1BA57F06-A57E-4628-8979-13961827E874}
c:\program files\Mozilla Firefox\extensions\{1BA57F06-A57E-4628-8979-13961827E874}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{1BA57F06-A57E-4628-8979-13961827E874}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{1BA57F06-A57E-4628-8979-13961827E874}\install.rdf
c:\program files\Mozilla Firefox\extensions\{1DEA1358-4AA2-4AA2-9877-81CD18B96DAB}
c:\program files\Mozilla Firefox\extensions\{1DEA1358-4AA2-4AA2-9877-81CD18B96DAB}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{1DEA1358-4AA2-4AA2-9877-81CD18B96DAB}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{1DEA1358-4AA2-4AA2-9877-81CD18B96DAB}\install.rdf
c:\program files\Mozilla Firefox\extensions\{1ECB249D-F244-4C40-A99B-6CAC3B3A8EAA}
c:\program files\Mozilla Firefox\extensions\{1ECB249D-F244-4C40-A99B-6CAC3B3A8EAA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{1ECB249D-F244-4C40-A99B-6CAC3B3A8EAA}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{1ECB249D-F244-4C40-A99B-6CAC3B3A8EAA}\install.rdf
c:\program files\Mozilla Firefox\extensions\{1FC21E84-D542-4155-B2E8-FF9C811CD17B}
c:\program files\Mozilla Firefox\extensions\{1FC21E84-D542-4155-B2E8-FF9C811CD17B}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{1FC21E84-D542-4155-B2E8-FF9C811CD17B}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{1FC21E84-D542-4155-B2E8-FF9C811CD17B}\install.rdf
c:\program files\Mozilla Firefox\extensions\{2014C5BB-1B3E-43CA-96AE-CCE587772A8B}
c:\program files\Mozilla Firefox\extensions\{2014C5BB-1B3E-43CA-96AE-CCE587772A8B}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{2014C5BB-1B3E-43CA-96AE-CCE587772A8B}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{2014C5BB-1B3E-43CA-96AE-CCE587772A8B}\install.rdf
c:\program files\Mozilla Firefox\extensions\{2489691A-0861-4795-9306-B6381181E486}
c:\program files\Mozilla Firefox\extensions\{2489691A-0861-4795-9306-B6381181E486}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{2489691A-0861-4795-9306-B6381181E486}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{2489691A-0861-4795-9306-B6381181E486}\install.rdf
c:\program files\Mozilla Firefox\extensions\{26E2E409-527C-4A10-BB48-6AC1E2B8DF2F}
c:\program files\Mozilla Firefox\extensions\{26E2E409-527C-4A10-BB48-6AC1E2B8DF2F}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{26E2E409-527C-4A10-BB48-6AC1E2B8DF2F}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{26E2E409-527C-4A10-BB48-6AC1E2B8DF2F}\install.rdf
c:\program files\Mozilla Firefox\extensions\{273A24F3-7CB1-40B4-B487-BC6E5F685252}
c:\program files\Mozilla Firefox\extensions\{273A24F3-7CB1-40B4-B487-BC6E5F685252}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{273A24F3-7CB1-40B4-B487-BC6E5F685252}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{273A24F3-7CB1-40B4-B487-BC6E5F685252}\install.rdf
c:\program files\Mozilla Firefox\extensions\{27E45E17-B262-417E-A139-E6AF7691DD6A}
c:\program files\Mozilla Firefox\extensions\{27E45E17-B262-417E-A139-E6AF7691DD6A}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{27E45E17-B262-417E-A139-E6AF7691DD6A}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{27E45E17-B262-417E-A139-E6AF7691DD6A}\install.rdf
c:\program files\Mozilla Firefox\extensions\{2817A13F-19B9-478B-8BE5-0704EAE2BCAF}
c:\program files\Mozilla Firefox\extensions\{2817A13F-19B9-478B-8BE5-0704EAE2BCAF}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{2817A13F-19B9-478B-8BE5-0704EAE2BCAF}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{2817A13F-19B9-478B-8BE5-0704EAE2BCAF}\install.rdf
c:\program files\Mozilla Firefox\extensions\{29420346-6FFB-4111-BEB0-E694406F60AB}
c:\program files\Mozilla Firefox\extensions\{29420346-6FFB-4111-BEB0-E694406F60AB}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{29420346-6FFB-4111-BEB0-E694406F60AB}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{29420346-6FFB-4111-BEB0-E694406F60AB}\install.rdf
c:\program files\Mozilla Firefox\extensions\{299FFEF2-D5B0-4ACE-8257-FC920D068929}
c:\program files\Mozilla Firefox\extensions\{299FFEF2-D5B0-4ACE-8257-FC920D068929}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{299FFEF2-D5B0-4ACE-8257-FC920D068929}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{299FFEF2-D5B0-4ACE-8257-FC920D068929}\install.rdf
c:\program files\Mozilla Firefox\extensions\{2A55F823-7082-4AA8-AA9D-1A520F8F7C96}
c:\program files\Mozilla Firefox\extensions\{2A55F823-7082-4AA8-AA9D-1A520F8F7C96}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{2A55F823-7082-4AA8-AA9D-1A520F8F7C96}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{2A55F823-7082-4AA8-AA9D-1A520F8F7C96}\install.rdf
c:\program files\Mozilla Firefox\extensions\{2ED2A9F2-6643-44F8-9C23-73E6AD2888DD}
c:\program files\Mozilla Firefox\extensions\{2ED2A9F2-6643-44F8-9C23-73E6AD2888DD}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{2ED2A9F2-6643-44F8-9C23-73E6AD2888DD}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{2ED2A9F2-6643-44F8-9C23-73E6AD2888DD}\install.rdf
c:\program files\Mozilla Firefox\extensions\{2FD62F2E-6857-4E77-8D1C-B9C058917A18}
c:\program files\Mozilla Firefox\extensions\{2FD62F2E-6857-4E77-8D1C-B9C058917A18}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{2FD62F2E-6857-4E77-8D1C-B9C058917A18}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{2FD62F2E-6857-4E77-8D1C-B9C058917A18}\install.rdf
c:\program files\Mozilla Firefox\extensions\{30C7AC1C-DB01-4ADD-9AF1-B75A23E79E94}
c:\program files\Mozilla Firefox\extensions\{30C7AC1C-DB01-4ADD-9AF1-B75A23E79E94}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{30C7AC1C-DB01-4ADD-9AF1-B75A23E79E94}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{30C7AC1C-DB01-4ADD-9AF1-B75A23E79E94}\install.rdf
c:\program files\Mozilla Firefox\extensions\{32B8CEB2-19EB-4C51-82DA-C6B9ED1F7340}
c:\program files\Mozilla Firefox\extensions\{32B8CEB2-19EB-4C51-82DA-C6B9ED1F7340}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{32B8CEB2-19EB-4C51-82DA-C6B9ED1F7340}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{32B8CEB2-19EB-4C51-82DA-C6B9ED1F7340}\install.rdf
c:\program files\Mozilla Firefox\extensions\{347673AD-9D4B-47A2-8CC1-A8E643593899}
c:\program files\Mozilla Firefox\extensions\{347673AD-9D4B-47A2-8CC1-A8E643593899}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{347673AD-9D4B-47A2-8CC1-A8E643593899}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{347673AD-9D4B-47A2-8CC1-A8E643593899}\install.rdf
c:\program files\Mozilla Firefox\extensions\{35B24EF8-B072-4206-974D-1D20D281EC21}
c:\program files\Mozilla Firefox\extensions\{35B24EF8-B072-4206-974D-1D20D281EC21}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{35B24EF8-B072-4206-974D-1D20D281EC21}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{35B24EF8-B072-4206-974D-1D20D281EC21}\install.rdf
c:\program files\Mozilla Firefox\extensions\{38F8180A-DE6A-429C-BF29-BAA37737D76D}
c:\program files\Mozilla Firefox\extensions\{38F8180A-DE6A-429C-BF29-BAA37737D76D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{38F8180A-DE6A-429C-BF29-BAA37737D76D}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{38F8180A-DE6A-429C-BF29-BAA37737D76D}\install.rdf
c:\program files\Mozilla Firefox\extensions\{3E869277-3039-4759-B515-F2944F96EED5}
c:\program files\Mozilla Firefox\extensions\{3E869277-3039-4759-B515-F2944F96EED5}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{3E869277-3039-4759-B515-F2944F96EED5}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{3E869277-3039-4759-B515-F2944F96EED5}\install.rdf
c:\program files\Mozilla Firefox\extensions\{412CB80D-63B0-42C2-BFF8-7DF559B13060}
c:\program files\Mozilla Firefox\extensions\{412CB80D-63B0-42C2-BFF8-7DF559B13060}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{412CB80D-63B0-42C2-BFF8-7DF559B13060}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{412CB80D-63B0-42C2-BFF8-7DF559B13060}\install.rdf
c:\program files\Mozilla Firefox\extensions\{432AF31F-CA37-4C92-AD26-F39094D7392D}
c:\program files\Mozilla Firefox\extensions\{432AF31F-CA37-4C92-AD26-F39094D7392D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{432AF31F-CA37-4C92-AD26-F39094D7392D}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{432AF31F-CA37-4C92-AD26-F39094D7392D}\install.rdf
c:\program files\Mozilla Firefox\extensions\{4415E890-1031-41EF-B268-36E47554C42F}
c:\program files\Mozilla Firefox\extensions\{4415E890-1031-41EF-B268-36E47554C42F}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{4415E890-1031-41EF-B268-36E47554C42F}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{4415E890-1031-41EF-B268-36E47554C42F}\install.rdf
c:\program files\Mozilla Firefox\extensions\{45703B25-F644-4A2F-8201-75E8D973663B}
c:\program files\Mozilla Firefox\extensions\{45703B25-F644-4A2F-8201-75E8D973663B}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{45703B25-F644-4A2F-8201-75E8D973663B}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{45703B25-F644-4A2F-8201-75E8D973663B}\install.rdf
c:\program files\Mozilla Firefox\extensions\{45F321D8-8639-4678-AFB9-5AA2F2F64C4A}
c:\program files\Mozilla Firefox\extensions\{45F321D8-8639-4678-AFB9-5AA2F2F64C4A}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{45F321D8-8639-4678-AFB9-5AA2F2F64C4A}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{45F321D8-8639-4678-AFB9-5AA2F2F64C4A}\install.rdf
c:\program files\Mozilla Firefox\extensions\{4751822C-02A6-4B6C-BA32-932902A75908}
c:\program files\Mozilla Firefox\extensions\{4751822C-02A6-4B6C-BA32-932902A75908}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{4751822C-02A6-4B6C-BA32-932902A75908}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{4751822C-02A6-4B6C-BA32-932902A75908}\install.rdf
c:\program files\Mozilla Firefox\extensions\{4968C7C8-AF0A-42DF-9761-843F4D984A37}
c:\program files\Mozilla Firefox\extensions\{4968C7C8-AF0A-42DF-9761-843F4D984A37}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{4968C7C8-AF0A-42DF-9761-843F4D984A37}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{4968C7C8-AF0A-42DF-9761-843F4D984A37}\install.rdf
c:\program files\Mozilla Firefox\extensions\{4A21523A-E3B6-47BF-A5DF-8FE207723398}
c:\program files\Mozilla Firefox\extensions\{4A21523A-E3B6-47BF-A5DF-8FE207723398}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{4A21523A-E3B6-47BF-A5DF-8FE207723398}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{4A21523A-E3B6-47BF-A5DF-8FE207723398}\install.rdf
c:\program files\Mozilla Firefox\extensions\{4A3BAA0B-1DA9-463A-A662-25EC0FAB7910}
c:\program files\Mozilla Firefox\extensions\{4A3BAA0B-1DA9-463A-A662-25EC0FAB7910}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{4A3BAA0B-1DA9-463A-A662-25EC0FAB7910}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{4A3BAA0B-1DA9-463A-A662-25EC0FAB7910}\install.rdf
c:\program files\Mozilla Firefox\extensions\{4B2A4168-D68A-4D96-A6D6-8B171F9F1EC3}
c:\program files\Mozilla Firefox\extensions\{4B2A4168-D68A-4D96-A6D6-8B171F9F1EC3}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{4B2A4168-D68A-4D96-A6D6-8B171F9F1EC3}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{4B2A4168-D68A-4D96-A6D6-8B171F9F1EC3}\install.rdf
c:\program files\Mozilla Firefox\extensions\{4DD44BB8-7C44-4E48-9628-8B60088A7286}
c:\program files\Mozilla Firefox\extensions\{4DD44BB8-7C44-4E48-9628-8B60088A7286}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{4DD44BB8-7C44-4E48-9628-8B60088A7286}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{4DD44BB8-7C44-4E48-9628-8B60088A7286}\install.rdf
c:\program files\Mozilla Firefox\extensions\{4E252C7E-196D-43F5-BE8D-D6606E71DC07}
c:\program files\Mozilla Firefox\extensions\{4E252C7E-196D-43F5-BE8D-D6606E71DC07}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{4E252C7E-196D-43F5-BE8D-D6606E71DC07}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{4E252C7E-196D-43F5-BE8D-D6606E71DC07}\install.rdf
c:\program files\Mozilla Firefox\extensions\{511B76B4-E8CD-431B-8F4F-D402BA6182DA}
c:\program files\Mozilla Firefox\extensions\{511B76B4-E8CD-431B-8F4F-D402BA6182DA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{511B76B4-E8CD-431B-8F4F-D402BA6182DA}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{511B76B4-E8CD-431B-8F4F-D402BA6182DA}\install.rdf
c:\program files\Mozilla Firefox\extensions\{56BBD5FD-F612-4C88-80EB-87A12C38919C}
c:\program files\Mozilla Firefox\extensions\{56BBD5FD-F612-4C88-80EB-87A12C38919C}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{56BBD5FD-F612-4C88-80EB-87A12C38919C}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{56BBD5FD-F612-4C88-80EB-87A12C38919C}\install.rdf
c:\program files\Mozilla Firefox\extensions\{5801A38B-2C2A-4FBD-BEE7-D53F2FF22D9E}
c:\program files\Mozilla Firefox\extensions\{5801A38B-2C2A-4FBD-BEE7-D53F2FF22D9E}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{5801A38B-2C2A-4FBD-BEE7-D53F2FF22D9E}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{5801A38B-2C2A-4FBD-BEE7-D53F2FF22D9E}\install.rdf
c:\program files\Mozilla Firefox\extensions\{5A54EC0B-9A56-41D3-95E2-7DBFABFCEAD0}
c:\program files\Mozilla Firefox\extensions\{5A54EC0B-9A56-41D3-95E2-7DBFABFCEAD0}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{5A54EC0B-9A56-41D3-95E2-7DBFABFCEAD0}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{5A54EC0B-9A56-41D3-95E2-7DBFABFCEAD0}\install.rdf
c:\program files\Mozilla Firefox\extensions\{5A8B5624-0F2B-42F0-895E-F3D10C3A2FA6}
c:\program files\Mozilla Firefox\extensions\{5A8B5624-0F2B-42F0-895E-F3D10C3A2FA6}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{5A8B5624-0F2B-42F0-895E-F3D10C3A2FA6}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{5A8B5624-0F2B-42F0-895E-F3D10C3A2FA6}\install.rdf
c:\program files\Mozilla Firefox\extensions\{5CBA55DE-47C1-4E4F-899E-84B57A2C6F01}
c:\program files\Mozilla Firefox\extensions\{5CBA55DE-47C1-4E4F-899E-84B57A2C6F01}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{5CBA55DE-47C1-4E4F-899E-84B57A2C6F01}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{5CBA55DE-47C1-4E4F-899E-84B57A2C6F01}\install.rdf
c:\program files\Mozilla Firefox\extensions\{5D55A310-1249-417E-A77C-DFE5F95E0221}
c:\program files\Mozilla Firefox\extensions\{5D55A310-1249-417E-A77C-DFE5F95E0221}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{5D55A310-1249-417E-A77C-DFE5F95E0221}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{5D55A310-1249-417E-A77C-DFE5F95E0221}\install.rdf
c:\program files\Mozilla Firefox\extensions\{6046FDAF-F8C0-4F78-903D-2124B04E5DC7}
c:\program files\Mozilla Firefox\extensions\{6046FDAF-F8C0-4F78-903D-2124B04E5DC7}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6046FDAF-F8C0-4F78-903D-2124B04E5DC7}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{6046FDAF-F8C0-4F78-903D-2124B04E5DC7}\install.rdf
c:\program files\Mozilla Firefox\extensions\{62C61479-3871-4617-AAFE-BCD3A61124E0}
c:\program files\Mozilla Firefox\extensions\{62C61479-3871-4617-AAFE-BCD3A61124E0}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{62C61479-3871-4617-AAFE-BCD3A61124E0}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{62C61479-3871-4617-AAFE-BCD3A61124E0}\install.rdf
c:\program files\Mozilla Firefox\extensions\{633395BC-F60C-4907-830C-69BE8E3CE02C}
c:\program files\Mozilla Firefox\extensions\{633395BC-F60C-4907-830C-69BE8E3CE02C}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{633395BC-F60C-4907-830C-69BE8E3CE02C}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{633395BC-F60C-4907-830C-69BE8E3CE02C}\install.rdf
c:\program files\Mozilla Firefox\extensions\{6428E8E1-B2A9-4A4B-A008-4141D6DFCD60}
c:\program files\Mozilla Firefox\extensions\{6428E8E1-B2A9-4A4B-A008-4141D6DFCD60}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6428E8E1-B2A9-4A4B-A008-4141D6DFCD60}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{6428E8E1-B2A9-4A4B-A008-4141D6DFCD60}\install.rdf
c:\program files\Mozilla Firefox\extensions\{6599A025-45BA-45FC-B91A-B9797ADA16C9}
c:\program files\Mozilla Firefox\extensions\{6599A025-45BA-45FC-B91A-B9797ADA16C9}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6599A025-45BA-45FC-B91A-B9797ADA16C9}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{6599A025-45BA-45FC-B91A-B9797ADA16C9}\install.rdf
c:\program files\Mozilla Firefox\extensions\{6A71600D-6A80-4D1B-8BC2-290F2EF659AF}
c:\program files\Mozilla Firefox\extensions\{6A71600D-6A80-4D1B-8BC2-290F2EF659AF}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6A71600D-6A80-4D1B-8BC2-290F2EF659AF}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{6A71600D-6A80-4D1B-8BC2-290F2EF659AF}\install.rdf
c:\program files\Mozilla Firefox\extensions\{6B4540DB-217D-421A-9A77-05C8BE486AF0}
c:\program files\Mozilla Firefox\extensions\{6B4540DB-217D-421A-9A77-05C8BE486AF0}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6B4540DB-217D-421A-9A77-05C8BE486AF0}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{6B4540DB-217D-421A-9A77-05C8BE486AF0}\install.rdf
c:\program files\Mozilla Firefox\extensions\{6B8F6B2B-7ACA-4064-9B34-C227BD3CFEDC}
c:\program files\Mozilla Firefox\extensions\{6B8F6B2B-7ACA-4064-9B34-C227BD3CFEDC}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6B8F6B2B-7ACA-4064-9B34-C227BD3CFEDC}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{6B8F6B2B-7ACA-4064-9B34-C227BD3CFEDC}\install.rdf
c:\program files\Mozilla Firefox\extensions\{6C49CD64-9A73-4FDC-8234-8477C8BD34D3}
c:\program files\Mozilla Firefox\extensions\{6C49CD64-9A73-4FDC-8234-8477C8BD34D3}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6C49CD64-9A73-4FDC-8234-8477C8BD34D3}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{6C49CD64-9A73-4FDC-8234-8477C8BD34D3}\install.rdf
c:\program files\Mozilla Firefox\extensions\{6EC93B5D-814E-4F6F-A99F-E009FB0B9D17}
c:\program files\Mozilla Firefox\extensions\{6EC93B5D-814E-4F6F-A99F-E009FB0B9D17}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6EC93B5D-814E-4F6F-A99F-E009FB0B9D17}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{6EC93B5D-814E-4F6F-A99F-E009FB0B9D17}\install.rdf
c:\program files\Mozilla Firefox\extensions\{6ED8B3E3-1D30-45D6-AADD-F1C2C17AB583}
c:\program files\Mozilla Firefox\extensions\{6ED8B3E3-1D30-45D6-AADD-F1C2C17AB583}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6ED8B3E3-1D30-45D6-AADD-F1C2C17AB583}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{6ED8B3E3-1D30-45D6-AADD-F1C2C17AB583}\install.rdf
c:\program files\Mozilla Firefox\extensions\{6F7A4C99-BEFF-4879-8C07-3264961B8608}
c:\program files\Mozilla Firefox\extensions\{6F7A4C99-BEFF-4879-8C07-3264961B8608}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6F7A4C99-BEFF-4879-8C07-3264961B8608}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{6F7A4C99-BEFF-4879-8C07-3264961B8608}\install.rdf
c:\program files\Mozilla Firefox\extensions\{6FFC5090-641A-4670-8AE6-F1BA5870CFF0}
c:\program files\Mozilla Firefox\extensions\{6FFC5090-641A-4670-8AE6-F1BA5870CFF0}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6FFC5090-641A-4670-8AE6-F1BA5870CFF0}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{6FFC5090-641A-4670-8AE6-F1BA5870CFF0}\install.rdf
c:\program files\Mozilla Firefox\extensions\{70EAE909-FA1B-4D33-8758-ADDB76FDA115}
c:\program files\Mozilla Firefox\extensions\{70EAE909-FA1B-4D33-8758-ADDB76FDA115}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{70EAE909-FA1B-4D33-8758-ADDB76FDA115}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{70EAE909-FA1B-4D33-8758-ADDB76FDA115}\install.rdf
c:\program files\Mozilla Firefox\extensions\{73F96746-7560-4DBC-8FBB-74D5AA4C652F}
c:\program files\Mozilla Firefox\extensions\{73F96746-7560-4DBC-8FBB-74D5AA4C652F}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{73F96746-7560-4DBC-8FBB-74D5AA4C652F}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{73F96746-7560-4DBC-8FBB-74D5AA4C652F}\install.rdf
c:\program files\Mozilla Firefox\extensions\{7665216B-48D6-4AAE-9954-27B78C4F5755}
c:\program files\Mozilla Firefox\extensions\{7665216B-48D6-4AAE-9954-27B78C4F5755}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{7665216B-48D6-4AAE-9954-27B78C4F5755}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{7665216B-48D6-4AAE-9954-27B78C4F5755}\install.rdf
c:\program files\Mozilla Firefox\extensions\{76913F76-EB57-4F71-9EF4-C382D5755FDC}
c:\program files\Mozilla Firefox\extensions\{76913F76-EB57-4F71-9EF4-C382D5755FDC}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{76913F76-EB57-4F71-9EF4-C382D5755FDC}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{76913F76-EB57-4F71-9EF4-C382D5755FDC}\install.rdf
c:\program files\Mozilla Firefox\extensions\{7AE5F108-6C0E-41BA-8875-5DEBD6E5CCD1}
c:\program files\Mozilla Firefox\extensions\{7AE5F108-6C0E-41BA-8875-5DEBD6E5CCD1}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{7AE5F108-6C0E-41BA-8875-5DEBD6E5CCD1}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{7AE5F108-6C0E-41BA-8875-5DEBD6E5CCD1}\install.rdf
c:\program files\Mozilla Firefox\extensions\{7E5508D2-07D6-470B-8C5E-29D0CDB70C43}
c:\program files\Mozilla Firefox\extensions\{7E5508D2-07D6-470B-8C5E-29D0CDB70C43}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{7E5508D2-07D6-470B-8C5E-29D0CDB70C43}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{7E5508D2-07D6-470B-8C5E-29D0CDB70C43}\install.rdf
c:\program files\Mozilla Firefox\extensions\{7F9410AC-322F-4DA4-B503-B9396C7CA30B}
c:\program files\Mozilla Firefox\extensions\{7F9410AC-322F-4DA4-B503-B9396C7CA30B}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{7F9410AC-322F-4DA4-B503-B9396C7CA30B}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{7F9410AC-322F-4DA4-B503-B9396C7CA30B}\install.rdf
c:\program files\Mozilla Firefox\extensions\{7FD157A2-AA92-44E4-BE43-987934D571B0}
c:\program files\Mozilla Firefox\extensions\{7FD157A2-AA92-44E4-BE43-987934D571B0}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{7FD157A2-AA92-44E4-BE43-987934D571B0}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{7FD157A2-AA92-44E4-BE43-987934D571B0}\install.rdf
c:\program files\Mozilla Firefox\extensions\{8050BB58-26A2-462A-B047-B111876953A6}
c:\program files\Mozilla Firefox\extensions\{8050BB58-26A2-462A-B047-B111876953A6}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{8050BB58-26A2-462A-B047-B111876953A6}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{8050BB58-26A2-462A-B047-B111876953A6}\install.rdf
c:\program files\Mozilla Firefox\extensions\{81B0DFEC-BFCA-4DE4-A82A-9645D1D34E70}
c:\program files\Mozilla Firefox\extensions\{81B0DFEC-BFCA-4DE4-A82A-9645D1D34E70}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{81B0DFEC-BFCA-4DE4-A82A-9645D1D34E70}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{81B0DFEC-BFCA-4DE4-A82A-9645D1D34E70}\install.rdf
c:\program files\Mozilla Firefox\extensions\{81E08AE7-8347-4195-94FD-4C97728D1B1A}
c:\program files\Mozilla Firefox\extensions\{81E08AE7-8347-4195-94FD-4C97728D1B1A}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{81E08AE7-8347-4195-94FD-4C97728D1B1A}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{81E08AE7-8347-4195-94FD-4C97728D1B1A}\install.rdf
c:\program files\Mozilla Firefox\extensions\{821C7132-8B4A-4A3C-B54A-E6D6CC12B402}
c:\program files\Mozilla Firefox\extensions\{821C7132-8B4A-4A3C-B54A-E6D6CC12B402}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{821C7132-8B4A-4A3C-B54A-E6D6CC12B402}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{821C7132-8B4A-4A3C-B54A-E6D6CC12B402}\install.rdf
c:\program files\Mozilla Firefox\extensions\{86754A3D-8259-4C25-8806-2B756B3DEE6C}
c:\program files\Mozilla Firefox\extensions\{86754A3D-8259-4C25-8806-2B756B3DEE6C}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{86754A3D-8259-4C25-8806-2B756B3DEE6C}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{86754A3D-8259-4C25-8806-2B756B3DEE6C}\install.rdf
c:\program files\Mozilla Firefox\extensions\{878AC9EF-9602-4862-98F8-64719852B4DA}
c:\program files\Mozilla Firefox\extensions\{878AC9EF-9602-4862-98F8-64719852B4DA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{878AC9EF-9602-4862-98F8-64719852B4DA}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{878AC9EF-9602-4862-98F8-64719852B4DA}\install.rdf
c:\program files\Mozilla Firefox\extensions\{87E55833-7BE7-4351-A034-2595A101F835}
c:\program files\Mozilla Firefox\extensions\{87E55833-7BE7-4351-A034-2595A101F835}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{87E55833-7BE7-4351-A034-2595A101F835}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{87E55833-7BE7-4351-A034-2595A101F835}\install.rdf
c:\program files\Mozilla Firefox\extensions\{895A83ED-9EC0-4B23-B4B5-0A706FBA68C7}
c:\program files\Mozilla Firefox\extensions\{895A83ED-9EC0-4B23-B4B5-0A706FBA68C7}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{895A83ED-9EC0-4B23-B4B5-0A706FBA68C7}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{895A83ED-9EC0-4B23-B4B5-0A706FBA68C7}\install.rdf
c:\program files\Mozilla Firefox\extensions\{8C280C9B-5A3E-4264-8C59-DEE4442FE1BB}
c:\program files\Mozilla Firefox\extensions\{8C280C9B-5A3E-4264-8C59-DEE4442FE1BB}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{8C280C9B-5A3E-4264-8C59-DEE4442FE1BB}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{8C280C9B-5A3E-4264-8C59-DEE4442FE1BB}\install.rdf

davidanthony · Nov 14, 2010

combo part 2

c:\program files\Mozilla Firefox\extensions\{154FA6F5-4E12-4D53-8418-0765B938859F}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{154FA6F5-4E12-4D53-8418-0765B938859F}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{154FA6F5-4E12-4D53-8418-0765B938859F}\install.rdf
c:\program files\Mozilla Firefox\extensions\{157DC98A-0EEC-446D-A692-769C5F39A644}
c:\program files\Mozilla Firefox\extensions\{157DC98A-0EEC-446D-A692-769C5F39A644}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{157DC98A-0EEC-446D-A692-769C5F39A644}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{157DC98A-0EEC-446D-A692-769C5F39A644}\install.rdf
c:\program files\Mozilla Firefox\extensions\{19B0C58E-BAFD-4BC9-861B-64CBBA253A25}
c:\program files\Mozilla Firefox\extensions\{19B0C58E-BAFD-4BC9-861B-64CBBA253A25}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{19B0C58E-BAFD-4BC9-861B-64CBBA253A25}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{19B0C58E-BAFD-4BC9-861B-64CBBA253A25}\install.rdf
c:\program files\Mozilla Firefox\extensions\{1AEEDFE3-F12D-4373-B6A3-E3F3A7845F29}
c:\program files\Mozilla Firefox\extensions\{1AEEDFE3-F12D-4373-B6A3-E3F3A7845F29}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{1AEEDFE3-F12D-4373-B6A3-E3F3A7845F29}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{1AEEDFE3-F12D-4373-B6A3-E3F3A7845F29}\install.rdf
c:\program files\Mozilla Firefox\extensions\{1BA57F06-A57E-4628-8979-13961827E874}
c:\program files\Mozilla Firefox\extensions\{1BA57F06-A57E-4628-8979-13961827E874}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{1BA57F06-A57E-4628-8979-13961827E874}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{1BA57F06-A57E-4628-8979-13961827E874}\install.rdf
c:\program files\Mozilla Firefox\extensions\{1DEA1358-4AA2-4AA2-9877-81CD18B96DAB}
c:\program files\Mozilla Firefox\extensions\{1DEA1358-4AA2-4AA2-9877-81CD18B96DAB}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{1DEA1358-4AA2-4AA2-9877-81CD18B96DAB}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{1DEA1358-4AA2-4AA2-9877-81CD18B96DAB}\install.rdf
c:\program files\Mozilla Firefox\extensions\{1ECB249D-F244-4C40-A99B-6CAC3B3A8EAA}
c:\program files\Mozilla Firefox\extensions\{1ECB249D-F244-4C40-A99B-6CAC3B3A8EAA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{1ECB249D-F244-4C40-A99B-6CAC3B3A8EAA}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{1ECB249D-F244-4C40-A99B-6CAC3B3A8EAA}\install.rdf
c:\program files\Mozilla Firefox\extensions\{1FC21E84-D542-4155-B2E8-FF9C811CD17B}
c:\program files\Mozilla Firefox\extensions\{1FC21E84-D542-4155-B2E8-FF9C811CD17B}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{1FC21E84-D542-4155-B2E8-FF9C811CD17B}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{1FC21E84-D542-4155-B2E8-FF9C811CD17B}\install.rdf
c:\program files\Mozilla Firefox\extensions\{2014C5BB-1B3E-43CA-96AE-CCE587772A8B}
c:\program files\Mozilla Firefox\extensions\{2014C5BB-1B3E-43CA-96AE-CCE587772A8B}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{2014C5BB-1B3E-43CA-96AE-CCE587772A8B}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{2014C5BB-1B3E-43CA-96AE-CCE587772A8B}\install.rdf
c:\program files\Mozilla Firefox\extensions\{2489691A-0861-4795-9306-B6381181E486}
c:\program files\Mozilla Firefox\extensions\{2489691A-0861-4795-9306-B6381181E486}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{2489691A-0861-4795-9306-B6381181E486}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{2489691A-0861-4795-9306-B6381181E486}\install.rdf
c:\program files\Mozilla Firefox\extensions\{26E2E409-527C-4A10-BB48-6AC1E2B8DF2F}
c:\program files\Mozilla Firefox\extensions\{26E2E409-527C-4A10-BB48-6AC1E2B8DF2F}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{26E2E409-527C-4A10-BB48-6AC1E2B8DF2F}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{26E2E409-527C-4A10-BB48-6AC1E2B8DF2F}\install.rdf
c:\program files\Mozilla Firefox\extensions\{273A24F3-7CB1-40B4-B487-BC6E5F685252}
c:\program files\Mozilla Firefox\extensions\{273A24F3-7CB1-40B4-B487-BC6E5F685252}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{273A24F3-7CB1-40B4-B487-BC6E5F685252}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{273A24F3-7CB1-40B4-B487-BC6E5F685252}\install.rdf
c:\program files\Mozilla Firefox\extensions\{27E45E17-B262-417E-A139-E6AF7691DD6A}
c:\program files\Mozilla Firefox\extensions\{27E45E17-B262-417E-A139-E6AF7691DD6A}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{27E45E17-B262-417E-A139-E6AF7691DD6A}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{27E45E17-B262-417E-A139-E6AF7691DD6A}\install.rdf
c:\program files\Mozilla Firefox\extensions\{2817A13F-19B9-478B-8BE5-0704EAE2BCAF}
c:\program files\Mozilla Firefox\extensions\{2817A13F-19B9-478B-8BE5-0704EAE2BCAF}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{2817A13F-19B9-478B-8BE5-0704EAE2BCAF}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{2817A13F-19B9-478B-8BE5-0704EAE2BCAF}\install.rdf
c:\program files\Mozilla Firefox\extensions\{29420346-6FFB-4111-BEB0-E694406F60AB}
c:\program files\Mozilla Firefox\extensions\{29420346-6FFB-4111-BEB0-E694406F60AB}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{29420346-6FFB-4111-BEB0-E694406F60AB}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{29420346-6FFB-4111-BEB0-E694406F60AB}\install.rdf
c:\program files\Mozilla Firefox\extensions\{299FFEF2-D5B0-4ACE-8257-FC920D068929}
c:\program files\Mozilla Firefox\extensions\{299FFEF2-D5B0-4ACE-8257-FC920D068929}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{299FFEF2-D5B0-4ACE-8257-FC920D068929}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{299FFEF2-D5B0-4ACE-8257-FC920D068929}\install.rdf
c:\program files\Mozilla Firefox\extensions\{2A55F823-7082-4AA8-AA9D-1A520F8F7C96}
c:\program files\Mozilla Firefox\extensions\{2A55F823-7082-4AA8-AA9D-1A520F8F7C96}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{2A55F823-7082-4AA8-AA9D-1A520F8F7C96}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{2A55F823-7082-4AA8-AA9D-1A520F8F7C96}\install.rdf
c:\program files\Mozilla Firefox\extensions\{2ED2A9F2-6643-44F8-9C23-73E6AD2888DD}
c:\program files\Mozilla Firefox\extensions\{2ED2A9F2-6643-44F8-9C23-73E6AD2888DD}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{2ED2A9F2-6643-44F8-9C23-73E6AD2888DD}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{2ED2A9F2-6643-44F8-9C23-73E6AD2888DD}\install.rdf
c:\program files\Mozilla Firefox\extensions\{2FD62F2E-6857-4E77-8D1C-B9C058917A18}
c:\program files\Mozilla Firefox\extensions\{2FD62F2E-6857-4E77-8D1C-B9C058917A18}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{2FD62F2E-6857-4E77-8D1C-B9C058917A18}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{2FD62F2E-6857-4E77-8D1C-B9C058917A18}\install.rdf
c:\program files\Mozilla Firefox\extensions\{30C7AC1C-DB01-4ADD-9AF1-B75A23E79E94}
c:\program files\Mozilla Firefox\extensions\{30C7AC1C-DB01-4ADD-9AF1-B75A23E79E94}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{30C7AC1C-DB01-4ADD-9AF1-B75A23E79E94}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{30C7AC1C-DB01-4ADD-9AF1-B75A23E79E94}\install.rdf
c:\program files\Mozilla Firefox\extensions\{32B8CEB2-19EB-4C51-82DA-C6B9ED1F7340}
c:\program files\Mozilla Firefox\extensions\{32B8CEB2-19EB-4C51-82DA-C6B9ED1F7340}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{32B8CEB2-19EB-4C51-82DA-C6B9ED1F7340}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{32B8CEB2-19EB-4C51-82DA-C6B9ED1F7340}\install.rdf
c:\program files\Mozilla Firefox\extensions\{347673AD-9D4B-47A2-8CC1-A8E643593899}
c:\program files\Mozilla Firefox\extensions\{347673AD-9D4B-47A2-8CC1-A8E643593899}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{347673AD-9D4B-47A2-8CC1-A8E643593899}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{347673AD-9D4B-47A2-8CC1-A8E643593899}\install.rdf
c:\program files\Mozilla Firefox\extensions\{35B24EF8-B072-4206-974D-1D20D281EC21}
c:\program files\Mozilla Firefox\extensions\{35B24EF8-B072-4206-974D-1D20D281EC21}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{35B24EF8-B072-4206-974D-1D20D281EC21}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{35B24EF8-B072-4206-974D-1D20D281EC21}\install.rdf
c:\program files\Mozilla Firefox\extensions\{38F8180A-DE6A-429C-BF29-BAA37737D76D}
c:\program files\Mozilla Firefox\extensions\{38F8180A-DE6A-429C-BF29-BAA37737D76D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{38F8180A-DE6A-429C-BF29-BAA37737D76D}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{38F8180A-DE6A-429C-BF29-BAA37737D76D}\install.rdf
c:\program files\Mozilla Firefox\extensions\{3E869277-3039-4759-B515-F2944F96EED5}
c:\program files\Mozilla Firefox\extensions\{3E869277-3039-4759-B515-F2944F96EED5}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{3E869277-3039-4759-B515-F2944F96EED5}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{3E869277-3039-4759-B515-F2944F96EED5}\install.rdf
c:\program files\Mozilla Firefox\extensions\{412CB80D-63B0-42C2-BFF8-7DF559B13060}
c:\program files\Mozilla Firefox\extensions\{412CB80D-63B0-42C2-BFF8-7DF559B13060}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{412CB80D-63B0-42C2-BFF8-7DF559B13060}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{412CB80D-63B0-42C2-BFF8-7DF559B13060}\install.rdf
c:\program files\Mozilla Firefox\extensions\{432AF31F-CA37-4C92-AD26-F39094D7392D}
c:\program files\Mozilla Firefox\extensions\{432AF31F-CA37-4C92-AD26-F39094D7392D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{432AF31F-CA37-4C92-AD26-F39094D7392D}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{432AF31F-CA37-4C92-AD26-F39094D7392D}\install.rdf
c:\program files\Mozilla Firefox\extensions\{4415E890-1031-41EF-B268-36E47554C42F}
c:\program files\Mozilla Firefox\extensions\{4415E890-1031-41EF-B268-36E47554C42F}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{4415E890-1031-41EF-B268-36E47554C42F}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{4415E890-1031-41EF-B268-36E47554C42F}\install.rdf
c:\program files\Mozilla Firefox\extensions\{45703B25-F644-4A2F-8201-75E8D973663B}
c:\program files\Mozilla Firefox\extensions\{45703B25-F644-4A2F-8201-75E8D973663B}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{45703B25-F644-4A2F-8201-75E8D973663B}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{45703B25-F644-4A2F-8201-75E8D973663B}\install.rdf
c:\program files\Mozilla Firefox\extensions\{45F321D8-8639-4678-AFB9-5AA2F2F64C4A}
c:\program files\Mozilla Firefox\extensions\{45F321D8-8639-4678-AFB9-5AA2F2F64C4A}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{45F321D8-8639-4678-AFB9-5AA2F2F64C4A}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{45F321D8-8639-4678-AFB9-5AA2F2F64C4A}\install.rdf
c:\program files\Mozilla Firefox\extensions\{4751822C-02A6-4B6C-BA32-932902A75908}
c:\program files\Mozilla Firefox\extensions\{4751822C-02A6-4B6C-BA32-932902A75908}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{4751822C-02A6-4B6C-BA32-932902A75908}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{4751822C-02A6-4B6C-BA32-932902A75908}\install.rdf
c:\program files\Mozilla Firefox\extensions\{4968C7C8-AF0A-42DF-9761-843F4D984A37}
c:\program files\Mozilla Firefox\extensions\{4968C7C8-AF0A-42DF-9761-843F4D984A37}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{4968C7C8-AF0A-42DF-9761-843F4D984A37}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{4968C7C8-AF0A-42DF-9761-843F4D984A37}\install.rdf
c:\program files\Mozilla Firefox\extensions\{4A21523A-E3B6-47BF-A5DF-8FE207723398}
c:\program files\Mozilla Firefox\extensions\{4A21523A-E3B6-47BF-A5DF-8FE207723398}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{4A21523A-E3B6-47BF-A5DF-8FE207723398}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{4A21523A-E3B6-47BF-A5DF-8FE207723398}\install.rdf
c:\program files\Mozilla Firefox\extensions\{4A3BAA0B-1DA9-463A-A662-25EC0FAB7910}
c:\program files\Mozilla Firefox\extensions\{4A3BAA0B-1DA9-463A-A662-25EC0FAB7910}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{4A3BAA0B-1DA9-463A-A662-25EC0FAB7910}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{4A3BAA0B-1DA9-463A-A662-25EC0FAB7910}\install.rdf
c:\program files\Mozilla Firefox\extensions\{4B2A4168-D68A-4D96-A6D6-8B171F9F1EC3}
c:\program files\Mozilla Firefox\extensions\{4B2A4168-D68A-4D96-A6D6-8B171F9F1EC3}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{4B2A4168-D68A-4D96-A6D6-8B171F9F1EC3}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{4B2A4168-D68A-4D96-A6D6-8B171F9F1EC3}\install.rdf
c:\program files\Mozilla Firefox\extensions\{4DD44BB8-7C44-4E48-9628-8B60088A7286}
c:\program files\Mozilla Firefox\extensions\{4DD44BB8-7C44-4E48-9628-8B60088A7286}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{4DD44BB8-7C44-4E48-9628-8B60088A7286}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{4DD44BB8-7C44-4E48-9628-8B60088A7286}\install.rdf
c:\program files\Mozilla Firefox\extensions\{4E252C7E-196D-43F5-BE8D-D6606E71DC07}
c:\program files\Mozilla Firefox\extensions\{4E252C7E-196D-43F5-BE8D-D6606E71DC07}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{4E252C7E-196D-43F5-BE8D-D6606E71DC07}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{4E252C7E-196D-43F5-BE8D-D6606E71DC07}\install.rdf
c:\program files\Mozilla Firefox\extensions\{511B76B4-E8CD-431B-8F4F-D402BA6182DA}
c:\program files\Mozilla Firefox\extensions\{511B76B4-E8CD-431B-8F4F-D402BA6182DA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{511B76B4-E8CD-431B-8F4F-D402BA6182DA}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{511B76B4-E8CD-431B-8F4F-D402BA6182DA}\install.rdf
c:\program files\Mozilla Firefox\extensions\{56BBD5FD-F612-4C88-80EB-87A12C38919C}
c:\program files\Mozilla Firefox\extensions\{56BBD5FD-F612-4C88-80EB-87A12C38919C}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{56BBD5FD-F612-4C88-80EB-87A12C38919C}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{56BBD5FD-F612-4C88-80EB-87A12C38919C}\install.rdf
c:\program files\Mozilla Firefox\extensions\{5801A38B-2C2A-4FBD-BEE7-D53F2FF22D9E}
c:\program files\Mozilla Firefox\extensions\{5801A38B-2C2A-4FBD-BEE7-D53F2FF22D9E}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{5801A38B-2C2A-4FBD-BEE7-D53F2FF22D9E}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{5801A38B-2C2A-4FBD-BEE7-D53F2FF22D9E}\install.rdf
c:\program files\Mozilla Firefox\extensions\{5A54EC0B-9A56-41D3-95E2-7DBFABFCEAD0}
c:\program files\Mozilla Firefox\extensions\{5A54EC0B-9A56-41D3-95E2-7DBFABFCEAD0}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{5A54EC0B-9A56-41D3-95E2-7DBFABFCEAD0}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{5A54EC0B-9A56-41D3-95E2-7DBFABFCEAD0}\install.rdf
c:\program files\Mozilla Firefox\extensions\{5A8B5624-0F2B-42F0-895E-F3D10C3A2FA6}
c:\program files\Mozilla Firefox\extensions\{5A8B5624-0F2B-42F0-895E-F3D10C3A2FA6}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{5A8B5624-0F2B-42F0-895E-F3D10C3A2FA6}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{5A8B5624-0F2B-42F0-895E-F3D10C3A2FA6}\install.rdf
c:\program files\Mozilla Firefox\extensions\{5CBA55DE-47C1-4E4F-899E-84B57A2C6F01}
c:\program files\Mozilla Firefox\extensions\{5CBA55DE-47C1-4E4F-899E-84B57A2C6F01}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{5CBA55DE-47C1-4E4F-899E-84B57A2C6F01}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{5CBA55DE-47C1-4E4F-899E-84B57A2C6F01}\install.rdf
c:\program files\Mozilla Firefox\extensions\{5D55A310-1249-417E-A77C-DFE5F95E0221}
c:\program files\Mozilla Firefox\extensions\{5D55A310-1249-417E-A77C-DFE5F95E0221}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{5D55A310-1249-417E-A77C-DFE5F95E0221}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{5D55A310-1249-417E-A77C-DFE5F95E0221}\install.rdf
c:\program files\Mozilla Firefox\extensions\{6046FDAF-F8C0-4F78-903D-2124B04E5DC7}
c:\program files\Mozilla Firefox\extensions\{6046FDAF-F8C0-4F78-903D-2124B04E5DC7}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6046FDAF-F8C0-4F78-903D-2124B04E5DC7}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{6046FDAF-F8C0-4F78-903D-2124B04E5DC7}\install.rdf
c:\program files\Mozilla Firefox\extensions\{62C61479-3871-4617-AAFE-BCD3A61124E0}
c:\program files\Mozilla Firefox\extensions\{62C61479-3871-4617-AAFE-BCD3A61124E0}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{62C61479-3871-4617-AAFE-BCD3A61124E0}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{62C61479-3871-4617-AAFE-BCD3A61124E0}\install.rdf
c:\program files\Mozilla Firefox\extensions\{633395BC-F60C-4907-830C-69BE8E3CE02C}
c:\program files\Mozilla Firefox\extensions\{633395BC-F60C-4907-830C-69BE8E3CE02C}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{633395BC-F60C-4907-830C-69BE8E3CE02C}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{633395BC-F60C-4907-830C-69BE8E3CE02C}\install.rdf
c:\program files\Mozilla Firefox\extensions\{6428E8E1-B2A9-4A4B-A008-4141D6DFCD60}
c:\program files\Mozilla Firefox\extensions\{6428E8E1-B2A9-4A4B-A008-4141D6DFCD60}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6428E8E1-B2A9-4A4B-A008-4141D6DFCD60}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{6428E8E1-B2A9-4A4B-A008-4141D6DFCD60}\install.rdf
c:\program files\Mozilla Firefox\extensions\{6599A025-45BA-45FC-B91A-B9797ADA16C9}
c:\program files\Mozilla Firefox\extensions\{6599A025-45BA-45FC-B91A-B9797ADA16C9}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6599A025-45BA-45FC-B91A-B9797ADA16C9}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{6599A025-45BA-45FC-B91A-B9797ADA16C9}\install.rdf
c:\program files\Mozilla Firefox\extensions\{6A71600D-6A80-4D1B-8BC2-290F2EF659AF}
c:\program files\Mozilla Firefox\extensions\{6A71600D-6A80-4D1B-8BC2-290F2EF659AF}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6A71600D-6A80-4D1B-8BC2-290F2EF659AF}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{6A71600D-6A80-4D1B-8BC2-290F2EF659AF}\install.rdf
c:\program files\Mozilla Firefox\extensions\{6B4540DB-217D-421A-9A77-05C8BE486AF0}
c:\program files\Mozilla Firefox\extensions\{6B4540DB-217D-421A-9A77-05C8BE486AF0}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6B4540DB-217D-421A-9A77-05C8BE486AF0}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{6B4540DB-217D-421A-9A77-05C8BE486AF0}\install.rdf
c:\program files\Mozilla Firefox\extensions\{6B8F6B2B-7ACA-4064-9B34-C227BD3CFEDC}
c:\program files\Mozilla Firefox\extensions\{6B8F6B2B-7ACA-4064-9B34-C227BD3CFEDC}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6B8F6B2B-7ACA-4064-9B34-C227BD3CFEDC}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{6B8F6B2B-7ACA-4064-9B34-C227BD3CFEDC}\install.rdf
c:\program files\Mozilla Firefox\extensions\{6C49CD64-9A73-4FDC-8234-8477C8BD34D3}
c:\program files\Mozilla Firefox\extensions\{6C49CD64-9A73-4FDC-8234-8477C8BD34D3}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6C49CD64-9A73-4FDC-8234-8477C8BD34D3}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{6C49CD64-9A73-4FDC-8234-8477C8BD34D3}\install.rdf
c:\program files\Mozilla Firefox\extensions\{6EC93B5D-814E-4F6F-A99F-E009FB0B9D17}
c:\program files\Mozilla Firefox\extensions\{6EC93B5D-814E-4F6F-A99F-E009FB0B9D17}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6EC93B5D-814E-4F6F-A99F-E009FB0B9D17}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{6EC93B5D-814E-4F6F-A99F-E009FB0B9D17}\install.rdf
c:\program files\Mozilla Firefox\extensions\{6ED8B3E3-1D30-45D6-AADD-F1C2C17AB583}
c:\program files\Mozilla Firefox\extensions\{6ED8B3E3-1D30-45D6-AADD-F1C2C17AB583}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6ED8B3E3-1D30-45D6-AADD-F1C2C17AB583}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{6ED8B3E3-1D30-45D6-AADD-F1C2C17AB583}\install.rdf
c:\program files\Mozilla Firefox\extensions\{6F7A4C99-BEFF-4879-8C07-3264961B8608}
c:\program files\Mozilla Firefox\extensions\{6F7A4C99-BEFF-4879-8C07-3264961B8608}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6F7A4C99-BEFF-4879-8C07-3264961B8608}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{6F7A4C99-BEFF-4879-8C07-3264961B8608}\install.rdf
c:\program files\Mozilla Firefox\extensions\{6FFC5090-641A-4670-8AE6-F1BA5870CFF0}
c:\program files\Mozilla Firefox\extensions\{6FFC5090-641A-4670-8AE6-F1BA5870CFF0}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6FFC5090-641A-4670-8AE6-F1BA5870CFF0}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{6FFC5090-641A-4670-8AE6-F1BA5870CFF0}\install.rdf
c:\program files\Mozilla Firefox\extensions\{70EAE909-FA1B-4D33-8758-ADDB76FDA115}
c:\program files\Mozilla Firefox\extensions\{70EAE909-FA1B-4D33-8758-ADDB76FDA115}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{70EAE909-FA1B-4D33-8758-ADDB76FDA115}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{70EAE909-FA1B-4D33-8758-ADDB76FDA115}\install.rdf
c:\program files\Mozilla Firefox\extensions\{73F96746-7560-4DBC-8FBB-74D5AA4C652F}
c:\program files\Mozilla Firefox\extensions\{73F96746-7560-4DBC-8FBB-74D5AA4C652F}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{73F96746-7560-4DBC-8FBB-74D5AA4C652F}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{73F96746-7560-4DBC-8FBB-74D5AA4C652F}\install.rdf
c:\program files\Mozilla Firefox\extensions\{7665216B-48D6-4AAE-9954-27B78C4F5755}
c:\program files\Mozilla Firefox\extensions\{7665216B-48D6-4AAE-9954-27B78C4F5755}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{7665216B-48D6-4AAE-9954-27B78C4F5755}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{7665216B-48D6-4AAE-9954-27B78C4F5755}\install.rdf
c:\program files\Mozilla Firefox\extensions\{76913F76-EB57-4F71-9EF4-C382D5755FDC}
c:\program files\Mozilla Firefox\extensions\{76913F76-EB57-4F71-9EF4-C382D5755FDC}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{76913F76-EB57-4F71-9EF4-C382D5755FDC}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{76913F76-EB57-4F71-9EF4-C382D5755FDC}\install.rdf
c:\program files\Mozilla Firefox\extensions\{7AE5F108-6C0E-41BA-8875-5DEBD6E5CCD1}
c:\program files\Mozilla Firefox\extensions\{7AE5F108-6C0E-41BA-8875-5DEBD6E5CCD1}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{7AE5F108-6C0E-41BA-8875-5DEBD6E5CCD1}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{7AE5F108-6C0E-41BA-8875-5DEBD6E5CCD1}\install.rdf
c:\program files\Mozilla Firefox\extensions\{7E5508D2-07D6-470B-8C5E-29D0CDB70C43}
c:\program files\Mozilla Firefox\extensions\{7E5508D2-07D6-470B-8C5E-29D0CDB70C43}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{7E5508D2-07D6-470B-8C5E-29D0CDB70C43}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{7E5508D2-07D6-470B-8C5E-29D0CDB70C43}\install.rdf
c:\program files\Mozilla Firefox\extensions\{7F9410AC-322F-4DA4-B503-B9396C7CA30B}
c:\program files\Mozilla Firefox\extensions\{7F9410AC-322F-4DA4-B503-B9396C7CA30B}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{7F9410AC-322F-4DA4-B503-B9396C7CA30B}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{7F9410AC-322F-4DA4-B503-B9396C7CA30B}\install.rdf
c:\program files\Mozilla Firefox\extensions\{7FD157A2-AA92-44E4-BE43-987934D571B0}
c:\program files\Mozilla Firefox\extensions\{7FD157A2-AA92-44E4-BE43-987934D571B0}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{7FD157A2-AA92-44E4-BE43-987934D571B0}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{7FD157A2-AA92-44E4-BE43-987934D571B0}\install.rdf
c:\program files\Mozilla Firefox\extensions\{8050BB58-26A2-462A-B047-B111876953A6}
c:\program files\Mozilla Firefox\extensions\{8050BB58-26A2-462A-B047-B111876953A6}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{8050BB58-26A2-462A-B047-B111876953A6}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{8050BB58-26A2-462A-B047-B111876953A6}\install.rdf
c:\program files\Mozilla Firefox\extensions\{81B0DFEC-BFCA-4DE4-A82A-9645D1D34E70}
c:\program files\Mozilla Firefox\extensions\{81B0DFEC-BFCA-4DE4-A82A-9645D1D34E70}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{81B0DFEC-BFCA-4DE4-A82A-9645D1D34E70}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{81B0DFEC-BFCA-4DE4-A82A-9645D1D34E70}\install.rdf
c:\program files\Mozilla Firefox\extensions\{81E08AE7-8347-4195-94FD-4C97728D1B1A}
c:\program files\Mozilla Firefox\extensions\{81E08AE7-8347-4195-94FD-4C97728D1B1A}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{81E08AE7-8347-4195-94FD-4C97728D1B1A}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{81E08AE7-8347-4195-94FD-4C97728D1B1A}\install.rdf
c:\program files\Mozilla Firefox\extensions\{821C7132-8B4A-4A3C-B54A-E6D6CC12B402}
c:\program files\Mozilla Firefox\extensions\{821C7132-8B4A-4A3C-B54A-E6D6CC12B402}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{821C7132-8B4A-4A3C-B54A-E6D6CC12B402}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{821C7132-8B4A-4A3C-B54A-E6D6CC12B402}\install.rdf
c:\program files\Mozilla Firefox\extensions\{86754A3D-8259-4C25-8806-2B756B3DEE6C}
c:\program files\Mozilla Firefox\extensions\{86754A3D-8259-4C25-8806-2B756B3DEE6C}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{86754A3D-8259-4C25-8806-2B756B3DEE6C}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{86754A3D-8259-4C25-8806-2B756B3DEE6C}\install.rdf
c:\program files\Mozilla Firefox\extensions\{878AC9EF-9602-4862-98F8-64719852B4DA}
c:\program files\Mozilla Firefox\extensions\{878AC9EF-9602-4862-98F8-64719852B4DA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{878AC9EF-9602-4862-98F8-64719852B4DA}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{878AC9EF-9602-4862-98F8-64719852B4DA}\install.rdf
c:\program files\Mozilla Firefox\extensions\{87E55833-7BE7-4351-A034-2595A101F835}
c:\program files\Mozilla Firefox\extensions\{87E55833-7BE7-4351-A034-2595A101F835}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{87E55833-7BE7-4351-A034-2595A101F835}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{87E55833-7BE7-4351-A034-2595A101F835}\install.rdf
c:\program files\Mozilla Firefox\extensions\{895A83ED-9EC0-4B23-B4B5-0A706FBA68C7}
c:\program files\Mozilla Firefox\extensions\{895A83ED-9EC0-4B23-B4B5-0A706FBA68C7}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{895A83ED-9EC0-4B23-B4B5-0A706FBA68C7}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{895A83ED-9EC0-4B23-B4B5-0A706FBA68C7}\install.rdf
c:\program files\Mozilla Firefox\extensions\{8C280C9B-5A3E-4264-8C59-DEE4442FE1BB}
c:\program files\Mozilla Firefox\extensions\{8C280C9B-5A3E-4264-8C59-DEE4442FE1BB}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{8C280C9B-5A3E-4264-8C59-DEE4442FE1BB}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{8C280C9B-5A3E-4264-8C59-DEE4442FE1BB}\install.rdf
c:\program files\Mozilla Firefox\extensions\{8CAF0693-3D25-45A5-B365-3EE8C93246C2}
c:\program files\Mozilla Firefox\extensions\{8CAF0693-3D25-45A5-B365-3EE8C93246C2}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{8CAF0693-3D25-45A5-B365-3EE8C93246C2}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{8CAF0693-3D25-45A5-B365-3EE8C93246C2}\install.rdf
c:\program files\Mozilla Firefox\extensions\{8E7554D3-8E06-4410-AE9F-5EFA4FEF12B2}
c:\program files\Mozilla Firefox\extensions\{8E7554D3-8E06-4410-AE9F-5EFA4FEF12B2}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{8E7554D3-8E06-4410-AE9F-5EFA4FEF12B2}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{8E7554D3-8E06-4410-AE9F-5EFA4FEF12B2}\install.rdf
c:\program files\Mozilla Firefox\extensions\{8E8D17D3-B7BC-47E7-A626-C40B64128CF5}
c:\program files\Mozilla Firefox\extensions\{8E8D17D3-B7BC-47E7-A626-C40B64128CF5}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{8E8D17D3-B7BC-47E7-A626-C40B64128CF5}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{8E8D17D3-B7BC-47E7-A626-C40B64128CF5}\install.rdf
c:\program files\Mozilla Firefox\extensions\{8FA3FFAB-50FC-4BB8-87E4-0151CC9D464D}
c:\program files\Mozilla Firefox\extensions\{8FA3FFAB-50FC-4BB8-87E4-0151CC9D464D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{8FA3FFAB-50FC-4BB8-87E4-0151CC9D464D}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{8FA3FFAB-50FC-4BB8-87E4-0151CC9D464D}\install.rdf
c:\program files\Mozilla Firefox\extensions\{8FA901CA-23B4-49A6-8E3B-04722049F9FD}
c:\program files\Mozilla Firefox\extensions\{8FA901CA-23B4-49A6-8E3B-04722049F9FD}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{8FA901CA-23B4-49A6-8E3B-04722049F9FD}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{8FA901CA-23B4-49A6-8E3B-04722049F9FD}\install.rdf
c:\program files\Mozilla Firefox\extensions\{9196719B-69D5-408E-A5C0-D42553C5ED09}
c:\program files\Mozilla Firefox\extensions\{9196719B-69D5-408E-A5C0-D42553C5ED09}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{9196719B-69D5-408E-A5C0-D42553C5ED09}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{9196719B-69D5-408E-A5C0-D42553C5ED09}\install.rdf
c:\program files\Mozilla Firefox\extensions\{937B631A-A278-4895-A1A7-6EC391B1932C}
c:\program files\Mozilla Firefox\extensions\{937B631A-A278-4895-A1A7-6EC391B1932C}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{937B631A-A278-4895-A1A7-6EC391B1932C}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{937B631A-A278-4895-A1A7-6EC391B1932C}\install.rdf
c:\program files\Mozilla Firefox\extensions\{99CED21A-DC0B-4715-9D2C-CFBE472679B7}
c:\program files\Mozilla Firefox\extensions\{99CED21A-DC0B-4715-9D2C-CFBE472679B7}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{99CED21A-DC0B-4715-9D2C-CFBE472679B7}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{99CED21A-DC0B-4715-9D2C-CFBE472679B7}\install.rdf
c:\program files\Mozilla Firefox\extensions\{9C90AB4C-3E33-4336-887F-D783184B7E6B}
c:\program files\Mozilla Firefox\extensions\{9C90AB4C-3E33-4336-887F-D783184B7E6B}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{9C90AB4C-3E33-4336-887F-D783184B7E6B}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{9C90AB4C-3E33-4336-887F-D783184B7E6B}\install.rdf
c:\program files\Mozilla Firefox\extensions\{9E076F0C-C806-4C95-9297-B5DB532EA936}
c:\program files\Mozilla Firefox\extensions\{9E076F0C-C806-4C95-9297-B5DB532EA936}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{9E076F0C-C806-4C95-9297-B5DB532EA936}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{9E076F0C-C806-4C95-9297-B5DB532EA936}\install.rdf
c:\program files\Mozilla Firefox\extensions\{A04D48F6-CB2B-4D7D-9CC0-0089ADF8774F}
c:\program files\Mozilla Firefox\extensions\{A04D48F6-CB2B-4D7D-9CC0-0089ADF8774F}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{A04D48F6-CB2B-4D7D-9CC0-0089ADF8774F}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{A04D48F6-CB2B-4D7D-9CC0-0089ADF8774F}\install.rdf
c:\program files\Mozilla Firefox\extensions\{A68DEEC4-443E-4A6A-A843-A729BD4CE2F8}
c:\program files\Mozilla Firefox\extensions\{A68DEEC4-443E-4A6A-A843-A729BD4CE2F8}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{A68DEEC4-443E-4A6A-A843-A729BD4CE2F8}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{A68DEEC4-443E-4A6A-A843-A729BD4CE2F8}\install.rdf
c:\program files\Mozilla Firefox\extensions\{A7DBB34F-1900-41E1-87F4-262335A8A768}
c:\program files\Mozilla Firefox\extensions\{A7DBB34F-1900-41E1-87F4-262335A8A768}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{A7DBB34F-1900-41E1-87F4-262335A8A768}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{A7DBB34F-1900-41E1-87F4-262335A8A768}\install.rdf
c:\program files\Mozilla Firefox\extensions\{A7F46E79-6B04-42BD-804B-765BB335A9FC}
c:\program files\Mozilla Firefox\extensions\{A7F46E79-6B04-42BD-804B-765BB335A9FC}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{A7F46E79-6B04-42BD-804B-765BB335A9FC}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{A7F46E79-6B04-42BD-804B-765BB335A9FC}\install.rdf
c:\program files\Mozilla Firefox\extensions\{A9FF6692-D707-42DC-86F9-AE309E80B32F}
c:\program files\Mozilla Firefox\extensions\{A9FF6692-D707-42DC-86F9-AE309E80B32F}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{A9FF6692-D707-42DC-86F9-AE309E80B32F}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{A9FF6692-D707-42DC-86F9-AE309E80B32F}\install.rdf
c:\program files\Mozilla Firefox\extensions\{AC080564-5436-4EE2-B482-BF710875CC81}
c:\program files\Mozilla Firefox\extensions\{AC080564-5436-4EE2-B482-BF710875CC81}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{AC080564-5436-4EE2-B482-BF710875CC81}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{AC080564-5436-4EE2-B482-BF710875CC81}\install.rdf
c:\program files\Mozilla Firefox\extensions\{AECA3E95-D929-4181-9F36-7E3E55A70747}
c:\program files\Mozilla Firefox\extensions\{AECA3E95-D929-4181-9F36-7E3E55A70747}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{AECA3E95-D929-4181-9F36-7E3E55A70747}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{AECA3E95-D929-4181-9F36-7E3E55A70747}\install.rdf
c:\program files\Mozilla Firefox\extensions\{AEED930C-08CC-45D1-93B5-74F16632BB41}
c:\program files\Mozilla Firefox\extensions\{AEED930C-08CC-45D1-93B5-74F16632BB41}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{AEED930C-08CC-45D1-93B5-74F16632BB41}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{AEED930C-08CC-45D1-93B5-74F16632BB41}\install.rdf
c:\program files\Mozilla Firefox\extensions\{B209F473-ED50-45CB-9672-9AE4EFC54D51}
c:\program files\Mozilla Firefox\extensions\{B209F473-ED50-45CB-9672-9AE4EFC54D51}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{B209F473-ED50-45CB-9672-9AE4EFC54D51}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{B209F473-ED50-45CB-9672-9AE4EFC54D51}\install.rdf
c:\program files\Mozilla Firefox\extensions\{B2A9F037-95B5-438A-9625-1B72CFB71292}
c:\program files\Mozilla Firefox\extensions\{B2A9F037-95B5-438A-9625-1B72CFB71292}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{B2A9F037-95B5-438A-9625-1B72CFB71292}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{B2A9F037-95B5-438A-9625-1B72CFB71292}\install.rdf
c:\program files\Mozilla Firefox\extensions\{B2EAB5BE-B6D4-452B-80DF-73BDE0E04D56}
c:\program files\Mozilla Firefox\extensions\{B2EAB5BE-B6D4-452B-80DF-73BDE0E04D56}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{B2EAB5BE-B6D4-452B-80DF-73BDE0E04D56}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{B2EAB5BE-B6D4-452B-80DF-73BDE0E04D56}\install.rdf
c:\program files\Mozilla Firefox\extensions\{B33319FB-B438-420D-BB5D-19D5EFDB962B}
c:\program files\Mozilla Firefox\extensions\{B33319FB-B438-420D-BB5D-19D5EFDB962B}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{B33319FB-B438-420D-BB5D-19D5EFDB962B}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{B33319FB-B438-420D-BB5D-19D5EFDB962B}\install.rdf
c:\program files\Mozilla Firefox\extensions\{B40757AC-CE09-4B4D-9DD6-D86598E6CA76}
c:\program files\Mozilla Firefox\extensions\{B40757AC-CE09-4B4D-9DD6-D86598E6CA76}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{B40757AC-CE09-4B4D-9DD6-D86598E6CA76}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{B40757AC-CE09-4B4D-9DD6-D86598E6CA76}\install.rdf
c:\program files\Mozilla Firefox\extensions\{B4BA9D07-C3B3-4808-8B52-D8A0FAFEB47C}
c:\program files\Mozilla Firefox\extensions\{B4BA9D07-C3B3-4808-8B52-D8A0FAFEB47C}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{B4BA9D07-C3B3-4808-8B52-D8A0FAFEB47C}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{B4BA9D07-C3B3-4808-8B52-D8A0FAFEB47C}\install.rdf
c:\program files\Mozilla Firefox\extensions\{B70A7374-B9A1-4811-80E4-54B56DADD675}
c:\program files\Mozilla Firefox\extensions\{B70A7374-B9A1-4811-80E4-54B56DADD675}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{B70A7374-B9A1-4811-80E4-54B56DADD675}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{B70A7374-B9A1-4811-80E4-54B56DADD675}\install.rdf
c:\program files\Mozilla Firefox\extensions\{B7BEDC3E-2253-4A9D-B234-5AA54FAAAF7C}
c:\program files\Mozilla Firefox\extensions\{B7BEDC3E-2253-4A9D-B234-5AA54FAAAF7C}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{B7BEDC3E-2253-4A9D-B234-5AA54FAAAF7C}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{B7BEDC3E-2253-4A9D-B234-5AA54FAAAF7C}\install.rdf
c:\program files\Mozilla Firefox\extensions\{B8D75CAA-E343-4421-804C-00C6B0CC28CA}
c:\program files\Mozilla Firefox\extensions\{B8D75CAA-E343-4421-804C-00C6B0CC28CA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{B8D75CAA-E343-4421-804C-00C6B0CC28CA}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{B8D75CAA-E343-4421-804C-00C6B0CC28CA}\install.rdf
c:\program files\Mozilla Firefox\extensions\{BA2C1399-D8D5-4A6F-A7E9-B935E50FC458}
c:\program files\Mozilla Firefox\extensions\{BA2C1399-D8D5-4A6F-A7E9-B935E50FC458}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{BA2C1399-D8D5-4A6F-A7E9-B935E50FC458}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{BA2C1399-D8D5-4A6F-A7E9-B935E50FC458}\install.rdf
c:\program files\Mozilla Firefox\extensions\{BC55615B-5019-4E47-9B7E-1F4DB30C27E3}
c:\program files\Mozilla Firefox\extensions\{BC55615B-5019-4E47-9B7E-1F4DB30C27E3}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{BC55615B-5019-4E47-9B7E-1F4DB30C27E3}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{BC55615B-5019-4E47-9B7E-1F4DB30C27E3}\install.rdf
c:\program files\Mozilla Firefox\extensions\{BDF54CB7-18AD-498B-94C3-D735A4CFDCA3}
c:\program files\Mozilla Firefox\extensions\{BDF54CB7-18AD-498B-94C3-D735A4CFDCA3}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{BDF54CB7-18AD-498B-94C3-D735A4CFDCA3}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{BDF54CB7-18AD-498B-94C3-D735A4CFDCA3}\install.rdf
c:\program files\Mozilla Firefox\extensions\{C01305CB-9411-443D-A4E7-A4E51D1774D7}
c:\program files\Mozilla Firefox\extensions\{C01305CB-9411-443D-A4E7-A4E51D1774D7}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{C01305CB-9411-443D-A4E7-A4E51D1774D7}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{C01305CB-9411-443D-A4E7-A4E51D1774D7}\install.rdf
c:\program files\Mozilla Firefox\extensions\{C0978E47-14F7-4600-B4D5-316AE7F9EC66}
c:\program files\Mozilla Firefox\extensions\{C0978E47-14F7-4600-B4D5-316AE7F9EC66}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{C0978E47-14F7-4600-B4D5-316AE7F9EC66}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{C0978E47-14F7-4600-B4D5-316AE7F9EC66}\install.rdf
c:\program files\Mozilla Firefox\extensions\{C1D6F9B7-5449-42AF-B697-499849A983C6}
c:\program files\Mozilla Firefox\extensions\{C1D6F9B7-5449-42AF-B697-499849A983C6}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{C1D6F9B7-5449-42AF-B697-499849A983C6}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{C1D6F9B7-5449-42AF-B697-499849A983C6}\install.rdf
c:\program files\Mozilla Firefox\extensions\{C287D95B-4512-4E7C-8249-839353B56241}
c:\program files\Mozilla Firefox\extensions\{C287D95B-4512-4E7C-8249-839353B56241}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{C287D95B-4512-4E7C-8249-839353B56241}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{C287D95B-4512-4E7C-8249-839353B56241}\install.rdf
c:\program files\Mozilla Firefox\extensions\{C5EF7C20-E3AD-4E2A-BA23-885E05481821}
c:\program files\Mozilla Firefox\extensions\{C5EF7C20-E3AD-4E2A-BA23-885E05481821}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{C5EF7C20-E3AD-4E2A-BA23-885E05481821}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{C5EF7C20-E3AD-4E2A-BA23-885E05481821}\install.rdf
c:\program files\Mozilla Firefox\extensions\{C6C435C7-BAFC-44F0-861B-5ECEB7F1202D}
c:\program files\Mozilla Firefox\extensions\{C6C435C7-BAFC-44F0-861B-5ECEB7F1202D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{C6C435C7-BAFC-44F0-861B-5ECEB7F1202D}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{C6C435C7-BAFC-44F0-861B-5ECEB7F1202D}\install.rdf
c:\program files\Mozilla Firefox\extensions\{C78CDF2A-88B6-47C6-9BCA-E74F4B2B62CE}
c:\program files\Mozilla Firefox\extensions\{C78CDF2A-88B6-47C6-9BCA-E74F4B2B62CE}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{C78CDF2A-88B6-47C6-9BCA-E74F4B2B62CE}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{C78CDF2A-88B6-47C6-9BCA-E74F4B2B62CE}\install.rdf
c:\program files\Mozilla Firefox\extensions\{CA3FA276-2745-4F48-B252-E986607062C2}
c:\program files\Mozilla Firefox\extensions\{CA3FA276-2745-4F48-B252-E986607062C2}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{CA3FA276-2745-4F48-B252-E986607062C2}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{CA3FA276-2745-4F48-B252-E986607062C2}\install.rdf
c:\program files\Mozilla Firefox\extensions\{CE90C2D1-2094-47DC-88C5-9D4C457CA809}
c:\program files\Mozilla Firefox\extensions\{CE90C2D1-2094-47DC-88C5-9D4C457CA809}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{CE90C2D1-2094-47DC-88C5-9D4C457CA809}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{CE90C2D1-2094-47DC-88C5-9D4C457CA809}\install.rdf
c:\program files\Mozilla Firefox\extensions\{D06AAE05-E85E-476C-98AF-E60365883740}
c:\program files\Mozilla Firefox\extensions\{D06AAE05-E85E-476C-98AF-E60365883740}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{D06AAE05-E85E-476C-98AF-E60365883740}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{D06AAE05-E85E-476C-98AF-E60365883740}\install.rdf
c:\program files\Mozilla Firefox\extensions\{D1AA4CA0-14DD-4364-9973-E6602CB943FB}
c:\program files\Mozilla Firefox\extensions\{D1AA4CA0-14DD-4364-9973-E6602CB943FB}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{D1AA4CA0-14DD-4364-9973-E6602CB943FB}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{D1AA4CA0-14DD-4364-9973-E6602CB943FB}\install.rdf
c:\program files\Mozilla Firefox\extensions\{D34CED12-D517-4B40-A00C-2A1B06EBBB45}
c:\program files\Mozilla Firefox\extensions\{D34CED12-D517-4B40-A00C-2A1B06EBBB45}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{D34CED12-D517-4B40-A00C-2A1B06EBBB45}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{D34CED12-D517-4B40-A00C-2A1B06EBBB45}\install.rdf

davidanthony · Nov 14, 2010

conbo part 3

c:\program files\Mozilla Firefox\extensions\{D7118CD7-9DD6-4B4B-9E99-269111A0B0F9}
c:\program files\Mozilla Firefox\extensions\{D7118CD7-9DD6-4B4B-9E99-269111A0B0F9}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{D7118CD7-9DD6-4B4B-9E99-269111A0B0F9}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{D7118CD7-9DD6-4B4B-9E99-269111A0B0F9}\install.rdf
c:\program files\Mozilla Firefox\extensions\{D8AEF3F4-A736-4960-AD3F-6CCFDCE6BE5A}
c:\program files\Mozilla Firefox\extensions\{D8AEF3F4-A736-4960-AD3F-6CCFDCE6BE5A}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{D8AEF3F4-A736-4960-AD3F-6CCFDCE6BE5A}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{D8AEF3F4-A736-4960-AD3F-6CCFDCE6BE5A}\install.rdf
c:\program files\Mozilla Firefox\extensions\{D9907070-54AA-499E-8D25-83244F5DD55B}
c:\program files\Mozilla Firefox\extensions\{D9907070-54AA-499E-8D25-83244F5DD55B}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{D9907070-54AA-499E-8D25-83244F5DD55B}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{D9907070-54AA-499E-8D25-83244F5DD55B}\install.rdf
c:\program files\Mozilla Firefox\extensions\{DB4F91E3-2946-4F53-9339-04F05B27979E}
c:\program files\Mozilla Firefox\extensions\{DB4F91E3-2946-4F53-9339-04F05B27979E}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{DB4F91E3-2946-4F53-9339-04F05B27979E}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{DB4F91E3-2946-4F53-9339-04F05B27979E}\install.rdf
c:\program files\Mozilla Firefox\extensions\{DB6047BE-EAA1-4BF5-9397-9714DA314FBC}
c:\program files\Mozilla Firefox\extensions\{DB6047BE-EAA1-4BF5-9397-9714DA314FBC}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{DB6047BE-EAA1-4BF5-9397-9714DA314FBC}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{DB6047BE-EAA1-4BF5-9397-9714DA314FBC}\install.rdf
c:\program files\Mozilla Firefox\extensions\{DBF68E4A-BC87-4E36-BA91-F74F1BD25C85}
c:\program files\Mozilla Firefox\extensions\{DBF68E4A-BC87-4E36-BA91-F74F1BD25C85}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{DBF68E4A-BC87-4E36-BA91-F74F1BD25C85}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{DBF68E4A-BC87-4E36-BA91-F74F1BD25C85}\install.rdf
c:\program files\Mozilla Firefox\extensions\{DD011EA9-2166-412A-B356-4F42302A920B}
c:\program files\Mozilla Firefox\extensions\{DD011EA9-2166-412A-B356-4F42302A920B}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{DD011EA9-2166-412A-B356-4F42302A920B}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{DD011EA9-2166-412A-B356-4F42302A920B}\install.rdf
c:\program files\Mozilla Firefox\extensions\{DD39EA66-A6AD-4EE2-8E65-FA3AD2E33193}
c:\program files\Mozilla Firefox\extensions\{DD39EA66-A6AD-4EE2-8E65-FA3AD2E33193}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{DD39EA66-A6AD-4EE2-8E65-FA3AD2E33193}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{DD39EA66-A6AD-4EE2-8E65-FA3AD2E33193}\install.rdf
c:\program files\Mozilla Firefox\extensions\{E26819A9-322C-4D7C-9AA2-13BBBA5BEAEB}
c:\program files\Mozilla Firefox\extensions\{E26819A9-322C-4D7C-9AA2-13BBBA5BEAEB}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{E26819A9-322C-4D7C-9AA2-13BBBA5BEAEB}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{E26819A9-322C-4D7C-9AA2-13BBBA5BEAEB}\install.rdf
c:\program files\Mozilla Firefox\extensions\{E4620A0D-5743-4FE8-A203-3FA18D66E836}
c:\program files\Mozilla Firefox\extensions\{E4620A0D-5743-4FE8-A203-3FA18D66E836}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{E4620A0D-5743-4FE8-A203-3FA18D66E836}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{E4620A0D-5743-4FE8-A203-3FA18D66E836}\install.rdf
c:\program files\Mozilla Firefox\extensions\{E4C1CFE2-D066-477F-B683-04B3B40F71FB}
c:\program files\Mozilla Firefox\extensions\{E4C1CFE2-D066-477F-B683-04B3B40F71FB}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{E4C1CFE2-D066-477F-B683-04B3B40F71FB}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{E4C1CFE2-D066-477F-B683-04B3B40F71FB}\install.rdf
c:\program files\Mozilla Firefox\extensions\{ED5DD791-191B-4DB4-A875-A7E4EB74ACCD}
c:\program files\Mozilla Firefox\extensions\{ED5DD791-191B-4DB4-A875-A7E4EB74ACCD}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{ED5DD791-191B-4DB4-A875-A7E4EB74ACCD}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{ED5DD791-191B-4DB4-A875-A7E4EB74ACCD}\install.rdf
c:\program files\Mozilla Firefox\extensions\{EE5C3054-B8EE-4C1F-B749-A4CCFE6A7D66}
c:\program files\Mozilla Firefox\extensions\{EE5C3054-B8EE-4C1F-B749-A4CCFE6A7D66}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{EE5C3054-B8EE-4C1F-B749-A4CCFE6A7D66}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{EE5C3054-B8EE-4C1F-B749-A4CCFE6A7D66}\install.rdf
c:\program files\Mozilla Firefox\extensions\{EEC76440-A1B0-44D8-B1A6-F30BD160E2D2}
c:\program files\Mozilla Firefox\extensions\{EEC76440-A1B0-44D8-B1A6-F30BD160E2D2}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{EEC76440-A1B0-44D8-B1A6-F30BD160E2D2}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{EEC76440-A1B0-44D8-B1A6-F30BD160E2D2}\install.rdf
c:\program files\Mozilla Firefox\extensions\{F2EA09B9-0682-4933-AA7E-496609DBD477}
c:\program files\Mozilla Firefox\extensions\{F2EA09B9-0682-4933-AA7E-496609DBD477}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{F2EA09B9-0682-4933-AA7E-496609DBD477}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{F2EA09B9-0682-4933-AA7E-496609DBD477}\install.rdf
c:\program files\Mozilla Firefox\extensions\{F39CDC9C-F20B-485D-948E-098CEA43EF64}
c:\program files\Mozilla Firefox\extensions\{F39CDC9C-F20B-485D-948E-098CEA43EF64}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{F39CDC9C-F20B-485D-948E-098CEA43EF64}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{F39CDC9C-F20B-485D-948E-098CEA43EF64}\install.rdf
c:\program files\Mozilla Firefox\extensions\{F5FBE231-3405-4D00-B3AB-02E2D96B84AA}
c:\program files\Mozilla Firefox\extensions\{F5FBE231-3405-4D00-B3AB-02E2D96B84AA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{F5FBE231-3405-4D00-B3AB-02E2D96B84AA}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{F5FBE231-3405-4D00-B3AB-02E2D96B84AA}\install.rdf
c:\program files\Mozilla Firefox\extensions\{F6F50B53-A45A-44B2-8BE1-CBE2077F1278}
c:\program files\Mozilla Firefox\extensions\{F6F50B53-A45A-44B2-8BE1-CBE2077F1278}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{F6F50B53-A45A-44B2-8BE1-CBE2077F1278}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{F6F50B53-A45A-44B2-8BE1-CBE2077F1278}\install.rdf
c:\program files\Mozilla Firefox\extensions\{F8A5A1DD-4639-4719-B458-C85D0754EF14}
c:\program files\Mozilla Firefox\extensions\{F8A5A1DD-4639-4719-B458-C85D0754EF14}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{F8A5A1DD-4639-4719-B458-C85D0754EF14}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{F8A5A1DD-4639-4719-B458-C85D0754EF14}\install.rdf
c:\program files\Mozilla Firefox\extensions\{FA9A8556-7302-4EAF-BEC7-A08E89175F41}
c:\program files\Mozilla Firefox\extensions\{FA9A8556-7302-4EAF-BEC7-A08E89175F41}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{FA9A8556-7302-4EAF-BEC7-A08E89175F41}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{FA9A8556-7302-4EAF-BEC7-A08E89175F41}\install.rdf
c:\program files\Mozilla Firefox\extensions\{FD252D62-79D6-4B07-9AAC-799D5B0B7E8F}
c:\program files\Mozilla Firefox\extensions\{FD252D62-79D6-4B07-9AAC-799D5B0B7E8F}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{FD252D62-79D6-4B07-9AAC-799D5B0B7E8F}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{FD252D62-79D6-4B07-9AAC-799D5B0B7E8F}\install.rdf
c:\program files\Mozilla Firefox\extensions\{FF8B68FD-77D8-464B-A29C-F0BD0E47160A}
c:\program files\Mozilla Firefox\extensions\{FF8B68FD-77D8-464B-A29C-F0BD0E47160A}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{FF8B68FD-77D8-464B-A29C-F0BD0E47160A}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{FF8B68FD-77D8-464B-A29C-F0BD0E47160A}\install.rdf
c:\windows\system32\dmlconf.dat
C:\xcrashdump.dat

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-10-15 to 2010-11-15 )))))))))))))))))))))))))))))))
.

2010-11-14 21:27 . 2010-11-14 21:27 -------- d-----w- c:\documents and settings\admin\Application Data\AVG10
2010-11-11 12:26 . 2010-11-11 12:26 -------- d-----w- c:\documents and settings\Shelley.COGGER\Local Settings\Application Data\Google
2010-11-11 04:45 . 2010-11-11 10:52 -------- d-----w- c:\program files\win
2010-11-11 02:16 . 2010-11-11 02:16 -------- d-----w- c:\documents and settings\Shelley.COGGER\Application Data\AVG10
2010-11-10 20:43 . 2010-11-10 20:43 -------- d-----w- c:\documents and settings\Jonathan.COGGER\Local Settings\Application Data\Google
2010-11-08 21:33 . 2010-11-08 21:33 -------- d-----w- c:\documents and settings\Jonathan.COGGER\Application Data\AVG10
2010-11-05 21:59 . 2010-11-05 21:59 -------- d-----w- C:\$AVG
2010-11-05 21:56 . 2010-11-05 21:56 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\Common Files
2010-11-05 21:50 . 2010-11-05 21:50 -------- d-----w- c:\documents and settings\Dave.COGGER\Application Data\AVG10
2010-11-05 21:27 . 2010-11-14 23:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG10
2010-11-05 21:09 . 2010-11-05 21:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\MFAData
2010-11-05 13:01 . 2010-11-05 22:34 -------- d-----w- c:\documents and settings\Dave.COGGER\Application Data\Fydy
2010-11-05 13:01 . 2010-11-05 13:01 -------- d-----w- c:\documents and settings\Dave.COGGER\Application Data\Rewi
2010-11-05 02:53 . 2010-11-05 22:34 -------- d-----w- c:\documents and settings\Dave.COGGER\Application Data\Quwe
2010-11-05 02:53 . 2010-11-05 02:53 -------- d-----w- c:\documents and settings\Dave.COGGER\Application Data\Ezud
2010-11-04 11:42 . 2010-11-05 02:54 -------- d-----w- c:\program files\tmp
2010-11-03 01:01 . 2010-11-05 22:34 -------- d-----w- c:\documents and settings\Dave.COGGER\Application Data\Icwega
2010-11-03 01:01 . 2010-11-05 01:45 -------- d-----w- c:\documents and settings\Dave.COGGER\Application Data\Kuimx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[-] 2006-02-28 . 97D9234AB9D371B88A9F74A63F6187F9 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[-] 2006-02-28 . 1D79D5D451DA171D76FF06D4607C4B2B . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware.exe" [2010-11-04 2424560]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-10-29 11:20 548352 ----a-w- d:\program files\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^Alex.COGGER^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Alex.COGGER\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Net Assistant.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Net Assistant.lnk
backup=c:\windows\pss\Net Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Dave.COGGER^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\Dave.COGGER\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Dave.COGGER^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\Dave.COGGER\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]
2006-11-17 20:42 53341 ------w- c:\program files\Creative\Shared Files\CTSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2005-08-08 06:10 16384 ----a-w- c:\windows\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
1999-10-11 01:00 41984 ----a-w- c:\windows\Ctregrun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2007-05-30 17:52 868352 ------w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2005-08-08 06:10 18944 ----a-w- c:\windows\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
1998-11-30 21:04 497376 ----a-w- c:\windows\p_981116.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 18:50 54576 ----a-w- c:\program files\Hp\HP Software Update\hpwuschd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
1937-09-16 12:52 438359 ----a-r- c:\progra~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 04:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
2005-08-08 05:51 25600 ----a-w- c:\windows\MIDIDEF.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-08-20 01:44 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-08 01:44 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\new steam\\Steam.exe"=
"c:\\new steam\\steamapps\\common\\medieval ii total war\\Launcher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;d:\program files\SASDIFSV.SYS [8/5/2009 3:06 PM 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\SASKUTIL.SYS [8/5/2009 3:06 PM 67656]
R3 LTower;LEGO USB Tower Driver;c:\windows\system32\drivers\LTower.sys [4/16/2010 7:16 PM 36981]
R3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [5/3/2010 8:10 PM 31872]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [8/4/2009 8:33 PM 28672]
R4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R4 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
R4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys --> c:\windows\system32\DRIVERS\avgrkx86.sys [?]
R4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;"c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe" --> c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [?]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 1:46 AM 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 1:46 AM 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 1:46 AM 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 1:46 AM 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 1:46 AM 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 1:46 AM 72728]
S3 SASENUM;SASENUM;d:\program files\SASENUM.SYS [8/5/2009 3:06 PM 12872]
S4 gupdate1ca17ca51b7a80;Google Update Service (gupdate1ca17ca51b7a80);c:\program files\Google\Update\GoogleUpdate.exe [8/7/2009 9:46 PM 133104]
S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [3/15/2010 7:25 PM 51840]

--- Other Services/Drivers In Memory ---

*Deregistered* - Avgldx86
.
Contents of the 'Scheduled Tasks' folder

2009-09-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-08 01:44]

2009-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-08 01:45]

2009-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-08 01:45]
.
.
------- Supplementary Scan -------
.
uStart Page = www.aliant.net
uInternet Settings,ProxyOverride = 127.0.0.1
Trusted Zone: aol.com\free
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
HKLM-Run-AudioDrvEmulator - c:\program files\Creative\Shared Files\Module Loader\DLLML.exe
MSConfigStartUp-Adobe Reader Speed Launcher - d:\program files\Reader\Reader_sl.exe
MSConfigStartUp-ALi5289 - c:\program files\ULI5289\ALi5289.exe
MSConfigStartUp-amtbashl - c:\documents and settings\Jonathan.COGGER\Local Settings\Application Data\vsfehylpn\nwcwaajtssd.exe
MSConfigStartUp-ATICCC - c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-Creative Detector - c:\program files\Creative\MediaSource\Detector\CTDetect.exe
MSConfigStartUp-CTDVDDET - c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
MSConfigStartUp-LVCOMS - c:\windows\system32\LVCOMS.EXE
MSConfigStartUp-nonep - c:\docume~1\JONATH~1.COG\LOCALS~1\Temp\tmp6c885fa5\r_KillEXE.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-RCSystem - c:\program files\Creative\Shared Files\Module Loader\DLLML.exe
MSConfigStartUp-RealTray - c:\program files\Real\RealPlayer\RealPlay.exe
MSConfigStartUp-UnlockerAssistant - d:\program files\Unlocker\UnlockerAssistant.exe
MSConfigStartUp-VolPanel - c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
MSConfigStartUp-{D4464CD8-4587-82F6-F544-B7922534C6D1} - c:\documents and settings\Dave.COGGER\Application Data\Orgiuh\uvnod.exe
AddRemove-All ATI Software - c:\program files\ATI Technologies\UninstallAll\AtiCimUn.exe
AddRemove-InstallShield_{9F308117-9B2F-45EB-9FAF-B59CD8339673} - c:\progra~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
AddRemove-MSNINST - c:\program files\MSN\MsnInstaller\msninst.exe
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update\\rnuninst.exe
AddRemove-Sound Blaster X-Fi Windows Drivers - c:\program files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE
AddRemove-Unlocker - d:\program files\Unlocker\uninst.exe
AddRemove-WinRAR archiver - c:\program files\WinRAR\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 20:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(788)
d:\program files\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-11-14 20:03:41
ComboFix-quarantined-files.txt 2010-11-15 00:03

Pre-Run: 18,907,873,280 bytes free
Post-Run: 18,918,178,816 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - A9FDA6CE69BF1483C7547CD40E5FFAC9

Broni · Nov 14, 2010

Do you have Windows XP CD?

1. Please open Notepad

Click Start , then Run
Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:

Folder::
c:\documents and settings\Dave.COGGER\Application Data\Fydy
c:\documents and settings\Dave.COGGER\Application Data\Rewi
c:\documents and settings\Dave.COGGER\Application Data\Quwe
c:\documents and settings\Dave.COGGER\Application Data\Ezud
c:\documents and settings\Dave.COGGER\Application Data\Icwega
c:\documents and settings\Dave.COGGER\Application Data\Kuimx


DDS::
uInternet Settings,ProxyOverride = 127.0.0.1

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt

davidanthony · Nov 15, 2010

combo log after CFscript

ComboFix 10-11-14.01 - Dave 11/15/2010 16:57:56.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.731 [GMT -4:00]
Running from: c:\documents and settings\Dave.COGGER\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dave.COGGER\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dave.COGGER\Application Data\Ezud
c:\documents and settings\Dave.COGGER\Application Data\Fydy
c:\documents and settings\Dave.COGGER\Application Data\Icwega
c:\documents and settings\Dave.COGGER\Application Data\Kuimx
c:\documents and settings\Dave.COGGER\Application Data\Quwe
c:\documents and settings\Dave.COGGER\Application Data\Rewi

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-10-15 to 2010-11-15 )))))))))))))))))))))))))))))))
.

2010-11-15 21:02 . 2010-11-15 21:02 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2010-11-14 22:31 . 2010-11-14 22:31 -------- d-----w- c:\documents and settings\Alex.COGGER\Application Data\AVG10
2010-11-14 22:29 . 2010-11-14 22:29 -------- d-----w- c:\documents and settings\Nic\Application Data\AVG10
2010-11-14 21:27 . 2010-11-14 21:27 -------- d-----w- c:\documents and settings\admin\Application Data\AVG10
2010-11-11 12:26 . 2010-11-11 12:26 -------- d-----w- c:\documents and settings\Shelley.COGGER\Local Settings\Application Data\Google
2010-11-11 04:45 . 2010-11-11 10:52 -------- d-----w- c:\program files\win
2010-11-11 02:16 . 2010-11-11 02:16 -------- d-----w- c:\documents and settings\Shelley.COGGER\Application Data\AVG10
2010-11-10 20:43 . 2010-11-10 20:43 -------- d-----w- c:\documents and settings\Jonathan.COGGER\Local Settings\Application Data\Google
2010-11-08 21:33 . 2010-11-08 21:33 -------- d-----w- c:\documents and settings\Jonathan.COGGER\Application Data\AVG10
2010-11-05 21:59 . 2010-11-05 21:59 -------- d-----w- C:\$AVG
2010-11-05 21:56 . 2010-11-05 21:56 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\Common Files
2010-11-05 21:50 . 2010-11-05 21:50 -------- d-----w- c:\documents and settings\Dave.COGGER\Application Data\AVG10
2010-11-05 21:27 . 2010-11-14 23:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG10
2010-11-05 21:09 . 2010-11-05 21:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\MFAData
2010-11-04 11:42 . 2010-11-05 02:54 -------- d-----w- c:\program files\tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[-] 2006-02-28 . 97D9234AB9D371B88A9F74A63F6187F9 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[-] 2006-02-28 . 1D79D5D451DA171D76FF06D4607C4B2B . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-11-15_00.02.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 10:00 . 2010-11-14 23:48 67312 c:\windows\system32\perfc009.dat
+ 2004-08-04 10:00 . 2010-11-15 20:51 67312 c:\windows\system32\perfc009.dat
+ 2010-11-15 20:48 . 2010-11-15 20:48 21504 c:\windows\Installer\25a50.msi
+ 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ARPPRODUCTICON.exe
+ 2004-08-04 10:00 . 2010-11-15 20:51 432356 c:\windows\system32\perfh009.dat
- 2004-08-04 10:00 . 2010-11-14 23:48 432356 c:\windows\system32\perfh009.dat
+ 2010-11-15 21:02 . 2010-11-15 21:02 1223680 c:\windows\Installer\ca060.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware.exe" [2010-11-04 2424560]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-10-29 11:20 548352 ----a-w- d:\program files\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^Alex.COGGER^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Alex.COGGER\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Net Assistant.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Net Assistant.lnk
backup=c:\windows\pss\Net Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Dave.COGGER^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\Dave.COGGER\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Dave.COGGER^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\Dave.COGGER\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]
2006-11-17 20:42 53341 ------w- c:\program files\Creative\Shared Files\CTSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2005-08-08 06:10 16384 ----a-w- c:\windows\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
1999-10-11 01:00 41984 ----a-w- c:\windows\Ctregrun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2007-05-30 17:52 868352 ------w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2005-08-08 06:10 18944 ----a-w- c:\windows\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
1998-11-30 21:04 497376 ----a-w- c:\windows\p_981116.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 18:50 54576 ----a-w- c:\program files\Hp\HP Software Update\hpwuschd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
1937-09-16 12:52 438359 ----a-r- c:\progra~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 04:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
2005-08-08 05:51 25600 ----a-w- c:\windows\MIDIDEF.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-08-20 01:44 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-08 01:44 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\new steam\\Steam.exe"=
"c:\\new steam\\steamapps\\common\\medieval ii total war\\Launcher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;d:\program files\SASDIFSV.SYS [8/5/2009 3:06 PM 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\SASKUTIL.SYS [8/5/2009 3:06 PM 67656]
R3 LTower;LEGO USB Tower Driver;c:\windows\system32\drivers\LTower.sys [4/16/2010 7:16 PM 36981]
R3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [5/3/2010 8:10 PM 31872]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [8/4/2009 8:33 PM 28672]
S2 gupdate1ca17ca51b7a80;Google Update Service (gupdate1ca17ca51b7a80);c:\program files\Google\Update\GoogleUpdate.exe [8/7/2009 9:46 PM 133104]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;"c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe" --> c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [?]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 1:46 AM 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 1:46 AM 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 1:46 AM 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 1:46 AM 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 1:46 AM 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 1:46 AM 72728]
S3 SASENUM;SASENUM;d:\program files\SASENUM.SYS [8/5/2009 3:06 PM 12872]
S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [3/15/2010 7:25 PM 51840]
.
Contents of the 'Scheduled Tasks' folder

2009-09-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-08 01:44]

2010-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-08 01:45]

2010-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-08 01:45]
.
.
------- Supplementary Scan -------
.
uStart Page = www.aliant.net
Trusted Zone: aol.com\free
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-15 17:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(616)
d:\program files\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-11-15 17:09:49
ComboFix-quarantined-files.txt 2010-11-15 21:09
ComboFix2.txt 2010-11-15 00:03

Pre-Run: 18,906,468,352 bytes free
Post-Run: 18,835,148,800 bytes free

- - End Of File - - AE0220E94433923D8BF91B0984CD5651

Broni · Nov 15, 2010

We still have those two Windows files infected. Let's see, if we can find replacements.
Do you have Windows XP CD?

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Use the following settings:

Check Scan All Users.
For Processes choose none.
For Modules choose none.
For Services choose none.
For Drivers choose none.
For Standard Registry choose none.
For Extra Registry choose none.
For Files Created Within choose none.
For Files Modified Within choose none.
Under Custom Scans/Fixes paste:

Code:

/md5start
winlogon.exe
explorer.exe
/md5stop

Finally hit Run Scan and wait for the log to open.
Please post the content of the log into your next reply.

davidanthony · Nov 15, 2010

OTL log

OTL logfile created on: 11/15/2010 8:47:15 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Dave.COGGER\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 670.00 Mb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 17.56 Gb Free Space | 23.57% Space Free | Partition Type: NTFS
Drive D: | 186.31 Gb Total Space | 47.38 Gb Free Space | 25.43% Space Free | Partition Type: NTFS
Drive F: | 1001.26 Mb Total Space | 376.35 Mb Free Space | 37.59% Space Free | Partition Type: FAT32

Computer Name: COGGER | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2006/02/28 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=1D79D5D451DA171D76FF06D4607C4B2B -- C:\WINDOWS\explorer.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=97D9234AB9D371B88A9F74A63F6187F9 -- C:\WINDOWS\system32\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe

< End of report >

Broni · Nov 15, 2010

Do you have Windows XP CD?

davidanthony · Nov 15, 2010

Yes Win XP Home Ed.

Broni · Nov 15, 2010

Good.
Let's double check something...

Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.
Upload following files to http://www.virustotal.com/ for security check:
- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
- C:\WINDOWS\explorer.exe
- C:\WINDOWS\system32\winlogon.exe
- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.

davidanthony · Nov 15, 2010

File name:
winlogon.exe
Submission date:
2010-11-16 01:31:38 (UTC)
Current status:
queued queued analysing finished
Result:
0/ 43 (0.0%)

davidanthony · Nov 15, 2010

File name:
explorer.exe
Submission date:
2010-11-16 01:39:56 (UTC)
Current status:
queued (#6) queued (#6) analysing finished
Result:
0/ 43 (0.0%)

davidanthony · Nov 15, 2010

C:\WINDOWS\explorer.exe when i tried to upload this file to VT it tried to upload and then went back
to the upload window [browse]

When i opened the file above to check its properties pc hung and the desktop icons disappeared.

davidanthony · Nov 15, 2010

The explorer.exe that passed the analysis is the one located under s/w dist.

Broni · Nov 15, 2010

OK, good.
Let's try to replace both files...

1. Please open Notepad

Click Start , then Run
Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:

FCopy::
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe | C:\WINDOWS\explorer.exe
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe | C:\WINDOWS\system32\winlogon.exe

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt

davidanthony · Nov 15, 2010

same with winlogon.exe i couldn't u/l it to VT.

Broni · Nov 15, 2010

Follow my previous reply, if you didn't notice it.

davidanthony · Nov 15, 2010

ComboFix 10-11-14.01 - Dave 11/15/2010 22:10:40.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.735 [GMT -4:00]
Running from: c:\documents and settings\Dave.COGGER\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dave.COGGER\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\explorer.dat

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
--------------- FCopy ---------------

c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe --> c:\windows\explorer.exe
c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe --> c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((( Files Created from 2010-10-16 to 2010-11-16 )))))))))))))))))))))))))))))))
.

2010-11-16 01:53 . 2010-11-16 01:53 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Temp
2010-11-15 21:02 . 2010-11-15 21:02 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2010-11-14 22:31 . 2010-11-14 22:31 -------- d-----w- c:\documents and settings\Alex.COGGER\Application Data\AVG10
2010-11-14 22:29 . 2010-11-14 22:29 -------- d-----w- c:\documents and settings\Nic\Application Data\AVG10
2010-11-14 21:27 . 2010-11-14 21:27 -------- d-----w- c:\documents and settings\admin\Application Data\AVG10
2010-11-11 12:26 . 2010-11-11 12:26 -------- d-----w- c:\documents and settings\Shelley.COGGER\Local Settings\Application Data\Google
2010-11-11 04:45 . 2010-11-11 10:52 -------- d-----w- c:\program files\win
2010-11-11 02:16 . 2010-11-11 02:16 -------- d-----w- c:\documents and settings\Shelley.COGGER\Application Data\AVG10
2010-11-10 20:43 . 2010-11-10 20:43 -------- d-----w- c:\documents and settings\Jonathan.COGGER\Local Settings\Application Data\Google
2010-11-08 21:33 . 2010-11-08 21:33 -------- d-----w- c:\documents and settings\Jonathan.COGGER\Application Data\AVG10
2010-11-05 21:59 . 2010-11-05 21:59 -------- d-----w- C:\$AVG
2010-11-05 21:56 . 2010-11-05 21:56 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\Common Files
2010-11-05 21:50 . 2010-11-05 21:50 -------- d-----w- c:\documents and settings\Dave.COGGER\Application Data\AVG10
2010-11-05 21:27 . 2010-11-14 23:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG10
2010-11-05 21:09 . 2010-11-05 21:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\MFAData
2010-11-04 11:42 . 2010-11-05 02:54 -------- d-----w- c:\program files\tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[-] 2008-04-14 . 548E23C88C1FD9032CEA2A4B46DD6FD7 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 4494E27ADDA19F923B454B4F94D03E8B . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-11-15_00.02.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 10:00 . 2010-11-14 23:48 67312 c:\windows\system32\perfc009.dat
+ 2004-08-04 10:00 . 2010-11-16 02:01 67312 c:\windows\system32\perfc009.dat
+ 2010-11-15 20:48 . 2010-11-15 20:48 21504 c:\windows\Installer\25a50.msi
+ 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ARPPRODUCTICON.exe
+ 2004-08-04 10:00 . 2010-11-16 02:01 432356 c:\windows\system32\perfh009.dat
- 2004-08-04 10:00 . 2010-11-14 23:48 432356 c:\windows\system32\perfh009.dat
+ 2010-11-15 21:02 . 2010-11-15 21:02 1223680 c:\windows\Installer\ca060.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware.exe" [2010-11-04 2424560]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-10-29 11:20 548352 ----a-w- d:\program files\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^Alex.COGGER^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Alex.COGGER\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Net Assistant.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Net Assistant.lnk
backup=c:\windows\pss\Net Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Dave.COGGER^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\Dave.COGGER\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Dave.COGGER^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\Dave.COGGER\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]
2006-11-17 20:42 53341 ------w- c:\program files\Creative\Shared Files\CTSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2005-08-08 06:10 16384 ----a-w- c:\windows\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
1999-10-11 01:00 41984 ----a-w- c:\windows\Ctregrun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2007-05-30 17:52 868352 ------w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2005-08-08 06:10 18944 ----a-w- c:\windows\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
1998-11-30 21:04 497376 ----a-w- c:\windows\p_981116.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 18:50 54576 ----a-w- c:\program files\Hp\HP Software Update\hpwuschd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
1937-09-16 12:52 438359 ----a-r- c:\progra~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 04:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
2005-08-08 05:51 25600 ----a-w- c:\windows\MIDIDEF.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-08-20 01:44 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-08 01:44 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\new steam\\Steam.exe"=
"c:\\new steam\\steamapps\\common\\medieval ii total war\\Launcher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;d:\program files\SASDIFSV.SYS [8/5/2009 3:06 PM 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\SASKUTIL.SYS [8/5/2009 3:06 PM 67656]
R3 LTower;LEGO USB Tower Driver;c:\windows\system32\drivers\LTower.sys [4/16/2010 7:16 PM 36981]
R3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [5/3/2010 8:10 PM 31872]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [8/4/2009 8:33 PM 28672]
S2 gupdate1ca17ca51b7a80;Google Update Service (gupdate1ca17ca51b7a80);c:\program files\Google\Update\GoogleUpdate.exe [8/7/2009 9:46 PM 133104]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;"c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe" --> c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [?]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 1:46 AM 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 1:46 AM 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 1:46 AM 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 1:46 AM 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 1:46 AM 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 1:46 AM 72728]
S3 SASENUM;SASENUM;d:\program files\SASENUM.SYS [8/5/2009 3:06 PM 12872]
S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [3/15/2010 7:25 PM 51840]
.
Contents of the 'Scheduled Tasks' folder

2009-09-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-08 01:44]

2010-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-08 01:45]

2010-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-08 01:45]
.
.
------- Supplementary Scan -------
.
uStart Page = www.aliant.net
uInternet Settings,ProxyOverride = 127.0.0.1
Trusted Zone: aol.com\free
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-15 22:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(616)
d:\program files\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-11-15 22:20:39
ComboFix-quarantined-files.txt 2010-11-16 02:20
ComboFix2.txt 2010-11-15 21:09
ComboFix3.txt 2010-11-15 00:03

Pre-Run: 18,818,617,344 bytes free
Post-Run: 18,806,534,144 bytes free

- - End Of File - - 526B43D5BB0343E6EE763CF4D72B0133

Broni · Nov 15, 2010

Delete your Combofix file, download fresh one and post new log.

davidanthony · Nov 16, 2010

ComboFix 10-11-15.06 - Dave 11/16/2010 7:39.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.673 [GMT -4:00]
Running from: F:\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-10-16 to 2010-11-16 )))))))))))))))))))))))))))))))
.

2010-11-16 01:53 . 2010-11-16 01:53 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Temp
2010-11-14 22:31 . 2010-11-14 22:31 -------- d-----w- c:\documents and settings\Alex.COGGER\Application Data\AVG10
2010-11-14 22:29 . 2010-11-14 22:29 -------- d-----w- c:\documents and settings\Nic\Application Data\AVG10
2010-11-14 21:27 . 2010-11-14 21:27 -------- d-----w- c:\documents and settings\admin\Application Data\AVG10
2010-11-11 12:26 . 2010-11-11 12:26 -------- d-----w- c:\documents and settings\Shelley.COGGER\Local Settings\Application Data\Google
2010-11-11 04:45 . 2010-11-11 10:52 -------- d-----w- c:\program files\win
2010-11-11 02:16 . 2010-11-11 02:16 -------- d-----w- c:\documents and settings\Shelley.COGGER\Application Data\AVG10
2010-11-10 20:43 . 2010-11-10 20:43 -------- d-----w- c:\documents and settings\Jonathan.COGGER\Local Settings\Application Data\Google
2010-11-08 21:33 . 2010-11-08 21:33 -------- d-----w- c:\documents and settings\Jonathan.COGGER\Application Data\AVG10
2010-11-05 21:59 . 2010-11-05 21:59 -------- d-----w- C:\$AVG
2010-11-05 21:56 . 2010-11-05 21:56 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\Common Files
2010-11-05 21:50 . 2010-11-05 21:50 -------- d-----w- c:\documents and settings\Dave.COGGER\Application Data\AVG10
2010-11-05 21:27 . 2010-11-14 23:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG10
2010-11-05 21:09 . 2010-11-05 21:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\MFAData
2010-11-04 11:42 . 2010-11-05 02:54 -------- d-----w- c:\program files\tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[-] 2008-04-14 . 548E23C88C1FD9032CEA2A4B46DD6FD7 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 4494E27ADDA19F923B454B4F94D03E8B . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-11-15_00.02.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 10:00 . 2010-11-14 23:48 67312 c:\windows\system32\perfc009.dat
+ 2004-08-04 10:00 . 2010-11-16 02:01 67312 c:\windows\system32\perfc009.dat
+ 2010-11-15 20:48 . 2010-11-15 20:48 21504 c:\windows\Installer\25a50.msi
+ 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-11-15 21:02 . 2010-11-15 21:02 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ARPPRODUCTICON.exe
+ 2004-08-04 10:00 . 2010-11-16 02:01 432356 c:\windows\system32\perfh009.dat
- 2004-08-04 10:00 . 2010-11-14 23:48 432356 c:\windows\system32\perfh009.dat
+ 2010-11-15 21:02 . 2010-11-15 21:02 1223680 c:\windows\Installer\ca060.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware.exe" [2010-11-04 2424560]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-10-29 11:20 548352 ----a-w- d:\program files\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^Alex.COGGER^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Alex.COGGER\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Net Assistant.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Net Assistant.lnk
backup=c:\windows\pss\Net Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Dave.COGGER^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\Dave.COGGER\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Dave.COGGER^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\Dave.COGGER\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]
2006-11-17 20:42 53341 ------w- c:\program files\Creative\Shared Files\CTSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2005-08-08 06:10 16384 ----a-w- c:\windows\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
1999-10-11 01:00 41984 ----a-w- c:\windows\Ctregrun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2007-05-30 17:52 868352 ------w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2005-08-08 06:10 18944 ----a-w- c:\windows\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
1998-11-30 21:04 497376 ----a-w- c:\windows\p_981116.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 18:50 54576 ----a-w- c:\program files\Hp\HP Software Update\hpwuschd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
1937-09-16 12:52 438359 ----a-r- c:\progra~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 04:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
2005-08-08 05:51 25600 ----a-w- c:\windows\MIDIDEF.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-08-20 01:44 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-08 01:44 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\new steam\\Steam.exe"=
"c:\\new steam\\steamapps\\common\\medieval ii total war\\Launcher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;d:\program files\SASDIFSV.SYS [8/5/2009 3:06 PM 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\SASKUTIL.SYS [8/5/2009 3:06 PM 67656]
R3 LTower;LEGO USB Tower Driver;c:\windows\system32\drivers\LTower.sys [4/16/2010 7:16 PM 36981]
R3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [5/3/2010 8:10 PM 31872]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [8/4/2009 8:33 PM 28672]
S2 gupdate1ca17ca51b7a80;Google Update Service (gupdate1ca17ca51b7a80);c:\program files\Google\Update\GoogleUpdate.exe [8/7/2009 9:46 PM 133104]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;"c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe" --> c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [?]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 1:46 AM 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 1:46 AM 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 1:46 AM 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 1:46 AM 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 1:46 AM 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 1:46 AM 72728]
S3 SASENUM;SASENUM;d:\program files\SASENUM.SYS [8/5/2009 3:06 PM 12872]
S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [3/15/2010 7:25 PM 51840]
.
Contents of the 'Scheduled Tasks' folder

2009-09-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-08 01:44]

2010-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-08 01:45]

2010-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-08 01:45]
.
.
------- Supplementary Scan -------
.
uStart Page = www.aliant.net
uInternet Settings,ProxyOverride = 127.0.0.1
Trusted Zone: aol.com\free
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-16 07:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(616)
d:\program files\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-11-16 07:46:21
ComboFix-quarantined-files.txt 2010-11-16 11:46
ComboFix2.txt 2010-11-16 02:20
ComboFix3.txt 2010-11-15 21:09
ComboFix4.txt 2010-11-15 00:03

Pre-Run: 18,673,057,792 bytes free
Post-Run: 18,662,346,752 bytes free

- - End Of File - - 49DDCC66F066E8276A303CE570CAC94F

Solved Google redirect.

Posts: 64 +0

Posts: 56,041 +516

Posts: 64 +0

Posts: 56,041 +516

Posts: 64 +0

Posts: 64 +0

Posts: 64 +0

Posts: 64 +0

Posts: 56,041 +516

Posts: 64 +0

Posts: 56,041 +516

Posts: 64 +0

Posts: 56,041 +516

Posts: 64 +0

Posts: 56,041 +516

Posts: 64 +0

Posts: 64 +0

Posts: 64 +0

Posts: 64 +0

Posts: 56,041 +516

Posts: 64 +0

Posts: 56,041 +516

Posts: 64 +0

Posts: 56,041 +516

Posts: 64 +0

Similar threads