Safesurf infection



Akodo Daimyo
2010-08-09, 19:18
In my system32\system folder I have the files "SafeSurf.exe" and "surfguard.exe" which I suspect are a virus. I have followed the instructions for manual removal found here (http://forums.spybot.info/showthread.php?t=37434). However, when I reboot the files reappear and attempt to run.

Also, when I reboot a variety of processes start up, like wmplayer.exe and w3wp.exe, that usually don't.

Examining my task manager I've also discovered the evP.exe process, which I find suspicious.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Owned at 10:05:41.58 on Mon 08/09/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_19
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3053.1572 [GMT -7:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Process Blocker\Process Blocker.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\system\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\sttray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Process Blocker\Tray Informer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRAM FILES\LOGITECH\GAMEPANEL SOFTWARE\LGDEVAGT.EXE
C:\PROGRAM FILES\LOGITECH\GAMEPANEL SOFTWARE\LCD MANAGER\LCDMON.EXE
C:\PROGRAM FILES\LOGITECH\GAMEPANEL SOFTWARE\G-SERIES SOFTWARE\LGDCORE.EXE
c:\windows\system32\inetsrv\w3wp.exe
C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files\TechSmith\Snagit 10\snagiteditor.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\mcbuilder.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\owned\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5628
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5628
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5628
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5628
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)

================= FIREFOX ===================

FF - ProfilePath - c:\users\owned\appdata\roaming\mozilla\firefox\profiles\i318z3nb.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\owned\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-8 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-8 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-8-8 50256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-8 40384]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2007-2-12 208896]
R2 MCLServiceATL;Intel(R) Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2007-4-6 158168]
R2 NMSCore;Intel(R) NMSCore;c:\program files\common files\intel\inteldh\nms\nmscore\NMSCore.exe [2007-4-6 313816]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2007-2-18 5376]
R2 Process Blocker;Process Blocker;c:\program files\process blocker\Process Blocker.exe [2010-4-22 106712]
R2 QualityManager;Intel(R) Quality Manager;c:\program files\intel\inteldh\intel media server\media server\bin\QualityManager.exe [2007-4-6 272856]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-8-8 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-6-7 240232]
R2 Win_Updater;Windows Updater;c:\windows\system32\system\svchost.exe [2010-7-27 1198592]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2006-8-25 5504]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
S2 0210431281293957mcinstcleanup;McAfee Application Installer Cleanup (0210431281293957);c:\users\owned\appdata\local\temp\021043~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\users\owned\appdata\local\temp\021043~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe --> c:\program files\ca\ca internet security suite\ccschedulersvc.exe [?]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-8 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-8 40384]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; [x]
S3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\common files\intel\inteldh\bin\DHTraceController.exe [2007-4-6 39896]
S3 EMSUSB2;EMS USB Joypad2;c:\windows\system32\drivers\Emsusb2.sys [2010-5-29 9728]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-19 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-9-15 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 MotioninJoyUSBFilter;MotioninJoy USB Filter Driver;c:\windows\system32\drivers\MijUfilt.sys [2009-7-20 17408]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-8-8 27192]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [2009-7-20 27904]

============== File Associations ===============

regfile="regedit.exe" "%1"
.txt=

=============== Created Last 30 ================

2010-08-09 02:50:29 0 d-----w- c:\program files\SpywareBlaster
2010-08-09 02:49:48 0 d-----w- c:\users\owned\appdata\roaming\WinPatrol
2010-08-09 02:49:43 0 d-----w- c:\program files\BillP Studios
2010-08-09 00:38:44 0 d-----w- c:\program files\efs
2010-08-08 23:57:45 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-08-08 23:54:29 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-08-08 23:54:10 38848 ----a-w- c:\windows\avastSS.scr
2010-08-08 23:42:50 0 d-sh--w- C:\found.002
2010-08-08 04:18:45 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-08-08 04:18:45 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-08-08 04:18:45 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-08-08 04:18:44 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-08-08 04:18:44 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-08-08 04:18:44 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-08-08 04:18:44 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-08-08 04:18:44 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-08-07 13:25:34 0 d-----w- c:\programdata\Rosetta Stone
2010-08-07 13:25:34 0 d-----w- c:\program files\Rosetta Stone
2010-08-07 06:02:01 0 d-----w- c:\program files\StarCraft II
2010-08-07 04:12:22 0 d-----w- c:\program files\Process Blocker
2010-08-07 01:46:23 250544 ----a-w- c:\windows\system32\KeyHelp.ocx
2010-08-07 01:46:23 0 d-----w- c:\program files\common files\Scanner
2010-08-07 01:46:17 6552 ----a-w- c:\windows\system32\wbem\canvprov.mof
2010-08-07 01:46:17 111856 ----a-w- c:\windows\system32\wbem\canvprov.dll
2010-08-07 01:46:14 0 d-----w- c:\program files\CA
2010-08-07 01:45:16 0 d-----w- c:\programdata\CA
2010-08-07 01:15:51 42 ----a-w- c:\windows\system32\scud.udf
2010-08-06 16:40:26 33846 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.bmp
2010-08-06 16:40:26 3018 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2010-08-06 16:40:00 522928 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-08-06 16:40:00 33846 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2010-08-06 16:40:00 15341 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2010-08-06 16:40:00 0 d-----w- c:\users\owned\appdata\roaming\AccurateRip
2010-08-06 16:39:56 0 d-----w- c:\program files\Illustrate
2010-08-05 19:35:13 0 d-----w- c:\programdata\Enkord
2010-08-05 19:34:50 4286 ----a-w- c:\windows\system32\ico.ico
2010-08-05 19:34:48 0 d-----w- c:\windows\system32\system
2010-08-05 19:26:01 0 d-----w- C:\Games
2010-08-03 18:57:02 0 d-----w- c:\programdata\Blizzard Entertainment
2010-07-31 01:41:30 0 d-----w- c:\program files\Will
2010-07-30 01:45:23 0 d-----w- c:\programdata\RosettaStoneLtdBackup
2010-07-28 22:58:56 11831 ----a-w- c:\windows\system32\drivers\SlUSBFlt.sys
2010-07-28 22:58:55 608 ----a-w- c:\windows\UnDeviceUpd
2010-07-28 22:58:55 13395 ----a-w- c:\windows\system32\drivers\SlFilter.sys
2010-07-28 18:58:30 6 ----a-w- c:\windows\system32\cuatro.ini
2010-07-28 18:58:26 0 d-----w- c:\program files\Liberty BASIC v4.03
2010-07-27 18:38:05 0 d-----w- c:\windows\system32\xlive
2010-07-27 02:26:15 283 ----a-w- c:\windows\EReg220.dat
2010-07-27 01:25:33 0 d-----w- C:\zap
2010-07-26 23:12:29 0 d-----w- c:\programdata\Mozilla
2010-07-26 23:11:09 0 d-----w- c:\program files\Oni
2010-07-26 21:54:42 821553 ----a-w- C:\fraglist.luar
2010-07-26 07:42:40 0 d-----w- c:\windows\Depths Of Peril
2010-07-26 07:42:39 0 d-----w- c:\program files\Depths Of Peril
2010-07-26 04:02:33 0 d-----w- c:\users\owned\appdata\roaming\StarBlaze2
2010-07-26 02:42:10 0 ---ha-w- c:\windows\system32\drivers\Msft_User_lgSSBW_01_00_00.Wdf
2010-07-26 02:42:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
2010-07-26 02:38:15 0 d-----w- c:\programdata\Logitech
2010-07-26 00:32:21 0 d-----w- c:\program files\Deep Silver
2010-07-25 22:50:09 0 d-----w- c:\programdata\Muzzy Lane
2010-07-25 06:02:17 0 d-----w- C:\HeroLab
2010-07-25 05:52:51 0 d-----w- c:\users\owned\appdata\roaming\Foxit Software
2010-07-25 05:52:14 0 d-----w- c:\program files\Foxit Software
2010-07-25 01:48:40 0 d-----w- c:\program files\uTorrent
2010-07-25 01:48:11 0 d-----w- c:\users\owned\appdata\roaming\uTorrent
2010-07-24 21:59:18 0 d-----w- c:\program files\Xiph.Org
2010-07-23 04:57:37 0 d-----w- c:\program files\Lighthouse Interactive
2010-07-20 20:41:05 143764 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-18 02:55:11 0 d-----w- c:\users\owned\appdata\roaming\Code Force Limited
2010-07-18 02:29:26 0 d-----w- C:\Matrix Games
2010-07-18 00:52:17 0 d-----w- c:\program files\Distant Worlds
2010-07-17 23:48:40 270336 ----a-w- c:\users\owned\UaTWebSetup.exe
2010-07-16 07:38:54 392704 ----a-w- c:\windows\system32\ICH.exe
2010-07-15 06:59:58 0 d-----w- c:\program files\common files\Stardock
2010-07-15 05:55:30 0 dc-h--w- c:\programdata\{6AA53D5D-4235-46F9-BAB3-3C1AF08F4C1A}
2010-07-13 19:27:21 0 d-----w- c:\program files\Graviteam
2010-07-12 17:21:20 0 d-----w- c:\program files\RevengeOfTheTitans
2010-07-11 08:56:27 0 d-----w- c:\program files\PANZERS - Phase1
2010-07-10 22:25:19 0 d-----w- c:\users\owned\appdata\roaming\Unity
2010-07-10 19:42:34 0 d-----w- c:\program files\Headup Games

==================== Find3M ====================

2010-08-09 16:44:33 65317 ----a-w- c:\programdata\nvModes.dat
2010-08-09 02:36:15 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-09 02:36:15 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-08-09 02:36:15 143360 ----a-w- c:\windows\inf\infstor.dat
2010-08-07 05:27:19 7466 ----a-w- c:\users\owned\appdata\roaming\wklnhst.dat
2010-08-07 03:52:14 7078 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2010-07-18 04:35:06 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-07-18 04:35:06 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-06-08 00:48:04 13917800 ----a-w- c:\windows\system32\nvcpl.dll
2010-06-08 00:48:04 1331816 ----a-w- c:\windows\system32\nvsvc.dll
2010-06-08 00:48:04 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-06-08 00:48:04 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-07 23:57:00 9712744 ----a-w- c:\windows\system32\nvd3dum.dll
2010-06-07 23:57:00 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-06-07 23:57:00 56936 ----a-w- c:\windows\system32\OpenCL.dll
2010-06-07 23:57:00 4967528 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-06-07 23:57:00 4513384 ----a-w- c:\windows\system32\nvcuda.dll
2010-06-07 23:57:00 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-06-07 23:57:00 232040 ----a-w- c:\windows\system32\nvcod1921.dll
2010-06-07 23:57:00 232040 ----a-w- c:\windows\system32\nvcod.dll
2010-06-07 23:57:00 2145896 ----a-w- c:\windows\system32\nvcuvid.dll
2010-06-07 23:57:00 1592424 ----a-w- c:\windows\system32\nvapi.dll
2010-06-07 23:57:00 15764072 ----a-w- c:\windows\system32\nvoglv32.dll
2010-06-07 23:57:00 10263144 ----a-w- c:\windows\system32\nvcompiler.dll
2010-05-28 19:58:26 600680 ----a-w- c:\windows\system32\nvuninst.exe
2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 21:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 04:59:43 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-18 04:59:38 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-05-18 04:24:29 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-05-18 04:24:29 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-05-18 04:24:29 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-04-12 07:01:05 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-11-05 06:36:53 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-04-28 21:50:35 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-04-28 21:50:35 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-04-28 21:50:35 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2010-04-26 09:48:12 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 10:07:50.38 ===============

Running from sleep mode this morning, my computer monitor cut out and the computer gave three long beeps. Windows froze twice during attempted reboots. I restarted in safe mode and during a registry search I found safesurf-related keys in these locations:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\jsafesurf
Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameter\FirewallPolicy\StandardProfile\AuthorizedApplications\List

I didn't do anything with them.

I had not found these in earlier searches.

Akodo Daimyo
2010-08-11, 04:38
I've actually managed to resolve the problem and do not require assistance. Please close this thread, and thanks for being here, though I didn't need you guys' help this time. :)