KillAV.KI {TRJ} JS:FakeAV-K[TRJ], TRJ[GEN], avast not updatind, Sad But True

[micky77]

One more thing, before you start with the rescue cds etc, someone recently suggested another program similar to HJT, I would like you to download.It will produce a BIG log, If you click on the link,and go to  Step Six:(title ) Post an OTListIt2 Log. Use the dowload link, and follow the instructions listed on step six. I scanned on my pc, the scan took about 20 mins. Please copy/paste the log here. I downloaded to my desktop,where a log will remain for reference.
Because the log may be so big, you will have to split it into several posts ( as its 1000 max characters per post ) Hopefully some of the more experienced will check out the log. I am unfamiliar with this program and will be keen to view it too.
http://www.geekstogo.com/forum/Malware-Spyware-Cleaning-Guide-t2852.html

This is what a log looks like ( continued on page 2 )
If your log contains the 'many' hosts entries you have, it will be unpostable

http://forum.avast.com/index.php?topic=44267.msg371615#msg371615

[St.Anger_561_]

ok update time, thanks again for all of your advice, especially Micky77 and Tech!!

I am running DrWeb CureIt! in depth now, thus far it has found even more junk on my system i was unaware of having, for example: 
2 probable backdoor trojans, one with an infected archive,
trojan.startpage.1505, whatever that is,
tool.prockill (this is from virtumondobegone.exe) - again with infected archive
Bat.Generic (infected container)
another 2 probable backdoor.trojan
1 probabe dloader.trojan
and its only about 1 /3 of the way though my system, lovely!  I don't thinK I will have time to finish that scan before I leave for work.

Also I had to type in my password 3 times before I could log into windows on my infected pc and when I tried to log into this forum I had to change my password, 2nd time in two days, which I guess is a good thing with all that I have going on.

I have SAS and MBAM already, but I have downloaded Spyware Terminator
I have dowloaded Avast anti rootkit, and Runscanner.

System Restore was disabled from before.  I checked Secunia, shows me I am up to date on my infected pc.


My hosts file is still huge Micky77!  I have not done what you suggested, yet, regarding sypbot and changing the "lock your hostfile setting"  The reasonis that I am in safe mode in my infected pc, and, although it appears that spybot is loaded, when I click on it I get nothing coming up and when I click on "switch to task" under task manager, which shows me like its running, I get nothing.  I am going to have to try what you suggest under normal windows, but of course I want the Dr. Web to finish its run first.

I did download and burn a rescue disk from Avira.  that is going to be my next step after the above. I would rather try Avira then kapersky, at this point.

Thanks again for your help, especially micky and tech.  I hope to have this resolved soon that I can focus my energy and anger in a different direction and I will not feel so "frantic" about this ; )  thanks agan.

[micky77]

I am glad your having success with Dr Web, best to run in safe mode. Remember to always look at the locations of infections that are found. It possible they are being found in quarantine , what other programs have already removed,or they are just copies in system restore, or maybe even fp's, its possible that trojan.startpage.1505  may be part of spybots snapshots ( believe it or not I had this fp, some time ago ) also tool.prockill seems to be part of a legit removal tool.
I admire your determination,keep up the good work 

[St.Anger_561_]

ok well update time.  I have not given up yet!  But I am frustrated.  Thank god I have another cpu that is not messed up.

Anyway I checked the Spybot IE Tweeks, and I did not have the "locking hosts file" function on, but of course spybot would not load properly in safe mode, only in normal mode, so I am beginning to think it is suspect and considering removing it at this point.

I will try what you suggested before running the rescue disk.  I did what tech had advised and tried another avast archive boot scan, but it didnt turn up anything.

THis program I downloaded SpyHunter3 advised me of zlob.trojan on my system, but it wants me to buy the program before it removes it!  I can do that but I am concerned that this may not even be the real problem and what if I buy it and I still have this problem, you know what I mean?

ALso I tried that panda active scan online, it showed me that I have the KillAV.KI trojan, but then it asks me to "register" for free to get this removed. I provided two email addresses and have waited for a couple of days to get an email from them to "register", but I never got any email from them!!!!

I don't know why that is, has anyone else had this problem?  That is pretty frustrating. I thought about downloading the panda program, but last time I tried to do that (over  a year ago) it would not install properly on my system, plus I know its not good to have more then one av running at a time on my system (I think I am beyond that point now with all the programs that I have been downloading, lol)

Thanks again.  I plan on putting some work into my infected cpu tommorrow when I am off of work.  Will update again.

[micky77]

  But I am frustrated. 

Yes, me too. You do not seem to be heeding any advice.Instead of doing what i suggested,you go and download, what could be a threat itself.Please remove spyhunter3 asap.IF you have MBAM and SAS .You do not need anymore antispyware programs.
Because this malware has restricted use/access of online scanners ( most wont remove malware anyway ).This route seems pointless.
So what happened with DrWeb ?
Right, this is what I think. First remove Spyhunter. Run MBAM again.Then either disable the immunsation part of spybot ( this adds thousands of legit entries into your host file.) Your host file is buggered anyway.Or even better REMOVE SPYBOT altogether. What good as it done you ?
Next,clear all entries in your host file,either by using hostsxpert, or manually by opening with notepad,clearing,and saving.
Then post the OTlistit2 log I asked for.With careful examination,it might be possible to see malicious files.
Then run the Avira rescue disk. This program is excellent, the main advantage is ,it will not boot windows.So your virus is fast asleep.
Ive just seen on another forum, this disc take out several nasty tdss trojans and the rootkit protecting them. It will not remove any threat,merely disable them, by altering the  extensions
So thats    1  Remove spyhunter
               2  Run MABM again, to make sure spyhunter is gone
               3  Remove spybot ( with MBAM and SAS you do not need it )
               4  Clear your host file
               5  Post the OTlistit2 log
               6  Run Avira rescue disk.

Also do not become fixated with AV kill and Panda. All AV programs have different names for threats.Waiting endlessly for a reply from panda, is too frustrating. As it says on their site, complete malware removal and tech support is for the paid version, probably for an extra fee.

EDIT I have just added an entry to my host file, and a scan with OTlistit2 did show it on the scan,so its important to clear the entries in your file,before posting the log.Especially if you have thousands of legit spybot immunisation entries.

[CharleyO]

***

May I ask where you got SpyHunter3 from and did you have it at the beginning of this problem?


***

[micky77]

***
did you have it at the beginning of this problem?
***

It would have shown in his HJT log, ( although the second log was run in safe mode,and has bits missing )
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[CharleyO]

***

Yeah, I know about Enigma. it does not have a good reputation. You are right, running HJT in safe mode misses many things. Also, Prevx says SpyHunter3 is cloaked malware.

I wanted to know where the OP got it from because there also many cracked/keygen versions of SpyHunter3.


***

[St.Anger_561_]

Thanks again I am awake and ready to tackle this full force today!  I will remove spyhunter 3 asap.  I am so glad I read your posts. 

EDIT * I found out where I got spyhunter3 Charely.  After perming a websearch for killav.ki removal a website said that program could remove it (which was a lie! It didn't even detect that, just this zlob.trojan thing) I downloaded Spyhunter 3 from the website spywareremove . com and I know for certain that I did not have that program when my problems started, as micky77 has indicated. EDIT*

I believe my problems started when I went to a website that sells medications online (which I have never done! I was just curious as to what kinds of meds that one can order online, NEVER AGAIN!!!)

Anyway I am up and at them.  I am going to do what Micky said and post again on my progress.  Hopefully very soon.  Many thanks again for your expertise and advise.

[micky77]

You'd better start with MBAM and SAS fully updated

http://www.mywot.com/en/scorecard/spywareremove.com

Oh dear 

If you used another pc to download Spyhunter from Spywareremove,chances are that may  now be infected too ( hopefully not )

[St.Anger_561_]

wow that is a real bummer!  I did d/l from another cpu, even though I did not install on the other cpu.  I do have MBAM on my other cpu, but not SAS, which I will be downloading immediately.  Always something exciting, isn't it?

Well here is my log from the old timer 2 listit program:  I guess the bright side is if I need to do this all again I am getting plenty of practice, lol!  and some great advice, of course.  Thanks again Micky77

OTListIt logfile created on: 4/25/2009 9:12:06 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0     Folder = C:\Documents and Settings\Levent Canyas\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.25 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 72.42% Memory free
1.48 Gb Paging File | 1.32 Gb Available in Paging File | 88.97% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 33.09 Gb Free Space | 44.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 1.94 Gb Total Space | 1.80 Gb Free Space | 92.54% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: D3Z3PF41
Current User Name: Levent Canyas
Logged in as Administrator.
 
Current Boot Mode: SafeMode
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On
 
========== Processes (SafeList) ==========
 
PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2009/03/09 15:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2002/08/29 07:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/03/09 15:06:55 | 00,515,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/04/25 09:04:20 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Levent Canyas\My Documents\OTListIt2.exe
 
========== Win32 Services (SafeList) ==========
 
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/05 17:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Stopped])
SRV - [2009/02/05 17:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Stopped])
SRV - [2009/02/05 17:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
SRV - [2009/02/05 17:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])
SRV - [2002/04/12 01:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\System32\brsvc01a.exe -- (Brother XP spl Service [Auto | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/03/27 00:45:33 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - File not found --  -- (iPod Service [Disabled | Stopped])
SRV - [2009/04/18 21:40:11 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Stopped])
SRV - [2003/06/18 10:54:10 | 00,294,972 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS [Auto | Stopped])
SRV - [2009/03/09 15:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - File not found --  -- (NMIndexingService [Disabled | Stopped])
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/08/09 03:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Stopped])
SRV - [2003/02/04 09:22:30 | 00,181,312 | ---- | M] () -- C:\WINDOWS\System32\ScsiAccess.EXE -- (ScsiAccess [Auto | Stopped])
SRV - [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Stopped])
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2005/10/06 19:12:30 | 00,855,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS [On_Demand | Stopped])
 

[St.Anger_561_]

color=orange]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2009/02/05 17:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Stopped])
DRV - [2002/04/01 15:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Stopped])
DRV - [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [1999/09/10 07:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Stopped])
DRV - [2009/02/05 17:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Stopped])
DRV - [2009/02/05 17:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Stopped])
DRV - [2009/02/05 17:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Stopped])
DRV - [2009/02/05 17:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Stopped])
DRV - [2009/02/05 17:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Stopped])
DRV - [2003/05/23 14:58:30 | 00,043,136 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Stopped])
DRV - [2001/08/17 14:12:12 | 00,002,944 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\Drivers\Brfilt.sys -- (brfilt [On_Demand | Stopped])
DRV - [2003/03/14 01:04:20 | 00,061,952 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\Drivers\BrSerWdm.sys -- (BrSerWDM [On_Demand | Stopped])
DRV - [2001/08/17 14:12:20 | 00,011,008 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm [On_Demand | Stopped])
DRV - [2001/08/17 14:12:22 | 00,010,368 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\Drivers\BrUsbScn.sys -- (BrUsbScn [On_Demand | Stopped])
DRV - [2001/08/17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2003/06/18 10:53:08 | 00,036,826 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\System32\DRIVERS\DcCam.sys -- (DcCam [System | Running])
DRV - [2003/06/18 10:53:08 | 00,061,568 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\System32\DRIVERS\DcFpoint.sys -- (DcFpoint [On_Demand | Stopped])
DRV - [2003/06/18 10:53:08 | 00,038,997 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\dcfs2k.sys -- (DCFS2K [Auto | Stopped])
DRV - [2003/06/18 10:53:08 | 00,008,058 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\System32\DRIVERS\DcLps.sys -- (DcLps [On_Demand | Stopped])
DRV - [2003/06/18 10:53:08 | 00,063,002 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\System32\DRIVERS\DcPTP.sys -- (DcPTP [On_Demand | Stopped])
DRV - [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSPROCT [On_Demand | Stopped])
DRV - [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Stopped])
DRV - [2001/08/17 14:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys -- (EL90XBC [On_Demand | Stopped])
DRV - [2003/06/18 10:53:08 | 00,138,485 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\System32\DRIVERS\exportit.sys -- (Exportit [System | Stopped])
DRV - [2005/10/21 18:58:52 | 00,049,920 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2005/10/21 18:58:58 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2005/10/21 18:52:48 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running])
DRV - [2003/07/02 12:26:20 | 00,202,368 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Stopped])
DRV - [2003/07/02 12:24:16 | 01,063,936 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Stopped])
DRV - [2004/08/04 01:29:36 | 00,161,020 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys -- (i81x [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,012,415 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys -- (iAimFP0 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,012,127 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys -- (iAimFP1 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,011,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys -- (iAimFP2 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:47 | 00,012,063 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys -- (iAimFP3 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:49 | 00,019,455 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys -- (iAimFP4 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:41 | 00,029,311 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys -- (iAimTV0 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:42 | 00,019,551 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys -- (iAimTV1 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:43 | 00,033,599 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys -- (iAimTV3 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:45 | 00,023,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys -- (iAimTV4 [On_Demand | Stopped])
DRV - [2005/10/19 09:59:12 | 00,807,998 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])
DRV - [2009/03/09 15:06:56 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])

[St.Anger_561_]

DRV - [2003/04/09 15:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Stopped])
DRV - [2008/04/13 14:36:41 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\mf.sys -- (mf [On_Demand | Stopped])
DRV - [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
DRV - [2001/08/17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2003/06/13 13:06:32 | 00,030,336 | ---- | M] (Politecnico di Torino) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
DRV - [2004/08/04 01:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2002/11/08 15:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2008/06/19 16:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Stopped])
DRV - [2002/08/29 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Stopped])
DRV - [2005/08/19 04:00:00 | 00,046,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2009/03/23 14:07:26 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Stopped])
DRV - [2009/03/23 14:07:28 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/03/23 14:07:26 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Stopped])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2003/02/28 11:17:18 | 00,545,024 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Stopped])
DRV - [2001/08/17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2001/08/17 14:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Stopped])
DRV - [2001/08/17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2009/04/19 22:57:34 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Stopped])
DRV - [2001/08/17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2003/07/02 12:25:24 | 00,631,680 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Stopped])
DRV - [2004/01/26 21:42:44 | 00,728,083 | ---- | M] (Xirlink, Inc) -- C:\WINDOWS\System32\DRIVERS\ucdnt.sys -- (XIRLINK [On_Demand | Stopped])
DRV - [2003/04/15 12:40:54 | 00,113,504 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])
DRV - [2003/04/15 12:40:46 | 00,078,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])
 
========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[St.Anger_561_]

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2835264611-1626357533-382488265-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-2835264611-1626357533-382488265-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com;
IE - HKU\S-1-5-21-2835264611-1626357533-382488265-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2835264611-1626357533-382488265-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-2835264611-1626357533-382488265-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-2835264611-1626357533-382488265-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2835264611-1626357533-382488265-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2835264611-1626357533-382488265-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
IE - HKU\S-1-5-21-2835264611-1626357533-382488265-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.live.com;
IE - HKU\S-1-5-21-2835264611-1626357533-382488265-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-21-2835264611-1626357533-382488265-1007\S-1-5-21-2835264611-1626357533-382488265-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2835264611-1626357533-382488265-1007\S-1-5-21-2835264611-1626357533-382488265-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://start.mozilla.org"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}:6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9
 
 
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/04/18 09:19:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [2009/04/18 21:06:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/04/18 21:40:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/25 07:17:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/25 07:17:31 | 00,000,000 | ---D | M]

[St.Anger_561_]

 
[2008/08/29 21:08:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Levent Canyas\Application Data\mozilla\Extensions
[2008/08/29 21:08:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Levent Canyas\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/25 07:36:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Levent Canyas\Application Data\mozilla\Firefox\Profiles\0yyypzpn.default\extensions
[2009/04/19 12:49:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Levent Canyas\Application Data\mozilla\Firefox\Profiles\0yyypzpn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/22 23:26:20 | 00,001,412 | ---- | M] () -- C:\Documents and Settings\Levent Canyas\Application Data\Mozilla\FireFox\Profiles\0yyypzpn.default\searchplugins\bittorrent.xml
[2009/04/22 23:26:20 | 00,005,500 | ---- | M] () -- C:\Documents and Settings\Levent Canyas\Application Data\Mozilla\FireFox\Profiles\0yyypzpn.default\searchplugins\foodtv.xml
[2008/06/25 21:37:59 | 00,000,908 | ---- | M] () -- C:\Documents and Settings\Levent Canyas\Application Data\Mozilla\FireFox\Profiles\0yyypzpn.default\searchplugins\IMDB.xml
[2008/07/02 22:03:26 | 00,001,963 | ---- | M] () -- C:\Documents and Settings\Levent Canyas\Application Data\Mozilla\FireFox\Profiles\0yyypzpn.default\searchplugins\odeo.xml
[2008/06/25 21:38:03 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Levent Canyas\Application Data\Mozilla\FireFox\Profiles\0yyypzpn.default\searchplugins\wikipedia.xml
[2009/04/25 07:36:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/25 07:17:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/03/03 21:11:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2007/04/26 04:24:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/08/19 21:22:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/14 12:28:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/15 23:18:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/08/29 21:14:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/04/18 21:43:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/25 07:17:08 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/25 07:17:08 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2005/02/25 20:27:00 | 00,044,153 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\inspector.dll
[2009/04/25 07:17:25 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/25 07:17:25 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/25 07:17:25 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/25 07:17:25 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/25 07:17:25 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/25 07:17:25 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/25 07:17:25 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml