
Resolved Gen-Krpytik

Discussion in 'Security and Privacy' started by cozzielex, 2010/04/22.

  1. 2010/04/22
    cozzielex

    cozzielex Inactive Thread Starter

    Joined:
    2009/03/30
    Messages:
    291
    Likes Received:
    0
    My SAS has picked up the above trojan which appears to be attaching itself to a game trainer I have been using for a couple of years without a problem.

    I have checked out the SAS site and there is some discussion as to whether this is a false positive (http://forums.superantispyware.com/index.php?/topic/3696-trojanagentgen-krpytik-false-positive/).

    I don't altogether follow all this false positive stuff but maybe some of you can take a gander at it.

    I'm attaching below the relevant DDS files. In light of the current interest I would be obliged if it can be checked out.
    Thanks


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\Harddisk0\DP(1)0x7e00-0x3a380d0200+1
    Install Date: 13/11/2009 12:55:33
    System Uptime: 22/04/2010 19:43:35 (0 hours ago)

    Motherboard: ASRock | | G31M-GS.
    Processor: Intel Pentium III Xeon processor | CPUSocket | 2593/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 233 GiB total, 147.991 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 37 GiB total, 30.171 GiB free.
    F: is CDROM (CDFS)
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP31: 15/02/2010 04:46:27 - System Checkpoint
    RP32: 16/02/2010 14:54:56 - Software Distribution Service 3.0
    RP33: 16/02/2010 19:24:14 - Installed Medal of Honor Pacific Assault(tm)
    RP34: 16/02/2010 19:35:09 - Microsoft Antimalware Checkpoint
    RP35: 17/02/2010 13:06:58 - Software Distribution Service 3.0
    RP36: 17/02/2010 17:14:34 - Installed Commandos Strike Force
    RP37: 17/02/2010 17:40:42 - Installed Patch_NO_EAX
    RP38: 17/02/2010 23:10:06 - Revo Uninstaller's restore point - Commandos Strike Force
    RP39: 17/02/2010 23:10:11 - Removed Commandos Strike Force
    RP40: 19/02/2010 08:22:46 - System Checkpoint
    RP41: 19/02/2010 13:06:18 - Software Distribution Service 3.0
    RP42: 20/02/2010 15:53:31 - Software Distribution Service 3.0
    RP43: 21/02/2010 03:13:25 - Installed Microangelo Toolset 6.
    RP44: 21/02/2010 03:28:24 - Revo Uninstaller's restore point - Microangelo Toolset 6
    RP45: 21/02/2010 04:05:43 - Cleaned registry with Windows Live OneCare safety scanner
    RP46: 21/02/2010 04:21:29 - Restore Operation
    RP47: 22/02/2010 04:56:16 - System Checkpoint
    RP48: 23/02/2010 09:54:36 - System Checkpoint
    RP49: 23/02/2010 10:57:24 - Software Distribution Service 3.0
    RP50: 24/02/2010 10:30:51 - Software Distribution Service 3.0
    RP51: 24/02/2010 19:02:09 - Software Distribution Service 3.0
    RP52: 25/02/2010 09:47:31 - Software Distribution Service 3.0
    RP53: 25/02/2010 22:57:35 - Software Distribution Service 3.0
    RP54: 26/02/2010 00:04:51 - Installed Safari
    RP55: 26/02/2010 15:10:58 - Software Distribution Service 3.0
    RP56: 27/02/2010 16:00:04 - System Checkpoint
    RP57: 27/02/2010 18:20:43 - Installed Ghost Recon Advanced Warfighter
    RP58: 27/02/2010 22:31:53 - Software Distribution Service 3.0
    RP59: 28/02/2010 13:46:25 - Software Distribution Service 3.0
    RP60: 01/03/2010 13:24:22 - Revo Uninstaller's restore point - Vista Start Menu 3.55
    RP61: 02/03/2010 15:37:35 - System Checkpoint
    RP62: 03/03/2010 12:07:52 - Revo Uninstaller's restore point - Safari
    RP63: 03/03/2010 12:09:11 - Revo Uninstaller's restore point - Silent Hunter III
    RP64: 03/03/2010 12:09:24 - Configured Silent Hunter III
    RP65: 03/03/2010 12:11:29 - Revo Uninstaller's restore point - Call of Duty(R) 2
    RP66: 03/03/2010 12:11:37 - Removed PRODUCT_NAME
    RP67: 03/03/2010 13:04:52 - Revo Uninstaller's restore point - ArmA 2 Uninstall
    RP68: 03/03/2010 13:56:07 - Unsigned driver install
    RP69: 04/03/2010 13:10:04 - Software Distribution Service 3.0
    RP70: 04/03/2010 16:10:35 - Software Distribution Service 3.0
    RP71: 05/03/2010 01:22:35 - Revo Uninstaller's restore point - ESET Online Scanner v3
    RP72: 05/03/2010 18:25:42 - Software Distribution Service 3.0
    RP73: 05/03/2010 19:12:17 - Unsigned driver install
    RP74: 06/03/2010 11:38:31 - Cleaned registry with Windows Live OneCare safety scanner
    RP75: 07/03/2010 11:40:21 - Software Distribution Service 3.0
    RP76: 08/03/2010 07:15:03 - Software Distribution Service 3.0
    RP77: 08/03/2010 09:18:25 - Revo Uninstaller's restore point - 3Planesoft Screensaver Manager 1.4
    RP78: 08/03/2010 09:19:00 - Revo Uninstaller's restore point - Fireside Christmas 3D Screensaver 1.0
    RP79: 09/03/2010 10:56:05 - Software Distribution Service 3.0
    RP80: 09/03/2010 13:24:39 - Revo Uninstaller's restore point - 3Planesoft Screensaver Manager 1.4
    RP81: 09/03/2010 13:26:05 - Revo Uninstaller's restore point - 3Planesoft Screensaver Manager 1.4
    RP82: 09/03/2010 13:27:36 - Revo Uninstaller's restore point - Fireside Christmas 3D Screensaver 1.0
    RP83: 09/03/2010 22:43:30 - Software Distribution Service 3.0
    RP84: 09/03/2010 22:46:57 - Software Distribution Service 3.0
    RP85: 10/03/2010 11:38:01 - Software Distribution Service 3.0
    RP86: 11/03/2010 08:55:16 - Software Distribution Service 3.0
    RP87: 12/03/2010 14:13:06 - Software Distribution Service 3.0
    RP88: 12/03/2010 18:19:25 - Software Distribution Service 3.0
    RP89: 13/03/2010 22:14:44 - System Checkpoint
    RP90: 14/03/2010 18:12:51 - Software Distribution Service 3.0
    RP91: 15/03/2010 22:55:06 - System Checkpoint
    RP92: 16/03/2010 20:53:25 - Software Distribution Service 3.0
    RP93: 17/03/2010 18:21:26 - Software Distribution Service 3.0
    RP94: 18/03/2010 13:31:28 - Software Distribution Service 3.0
    RP95: 19/03/2010 11:03:25 - Software Distribution Service 3.0
    RP96: 20/03/2010 14:15:21 - Software Distribution Service 3.0
    RP97: 22/03/2010 02:12:46 - System Checkpoint
    RP98: 22/03/2010 06:07:44 - Software Distribution Service 3.0
    RP99: 22/03/2010 13:55:44 - Software Distribution Service 3.0
    RP100: 23/03/2010 09:18:48 - Software Distribution Service 3.0
    RP101: 24/03/2010 09:34:56 - Software Distribution Service 3.0
    RP102: 24/03/2010 16:45:09 - Software Distribution Service 3.0
    RP103: 25/03/2010 08:57:30 - Software Distribution Service 3.0
    RP104: 26/03/2010 09:01:05 - System Checkpoint
    RP105: 26/03/2010 10:31:53 - Software Distribution Service 3.0
    RP106: 26/03/2010 11:34:03 - Unsigned driver install
    RP107: 27/03/2010 11:37:47 - System Checkpoint
    RP108: 27/03/2010 14:07:43 - Software Distribution Service 3.0
    RP109: 28/03/2010 15:25:01 - System Checkpoint
    RP110: 28/03/2010 16:26:38 - Software Distribution Service 3.0
    RP111: 30/03/2010 01:00:06 - Software Distribution Service 3.0
    RP112: 30/03/2010 16:16:28 - Software Distribution Service 3.0
    RP113: 30/03/2010 22:36:22 - Software Distribution Service 3.0
    RP114: 31/03/2010 12:29:17 - Software Distribution Service 3.0
    RP115: 01/04/2010 13:32:47 - System Checkpoint
    RP116: 01/04/2010 15:28:44 - Software Distribution Service 3.0
    RP117: 02/04/2010 00:51:45 - Installed DirectX
    RP118: 02/04/2010 17:26:09 - Software Distribution Service 3.0
    RP119: 03/04/2010 01:22:44 - Revo Uninstaller's restore point - Modern Warfare 2
    RP120: 03/04/2010 01:43:58 - Restore Operation
    RP121: 03/04/2010 01:48:58 - Software Distribution Service 3.0
    RP122: 03/04/2010 17:28:59 - Removed Microsoft Office Outlook Connector
    RP123: 04/04/2010 02:31:26 - Software Distribution Service 3.0
    RP124: 04/04/2010 22:05:18 - Installed Opera 10.51.
    RP125: 05/04/2010 04:02:48 - Software Distribution Service 3.0
    RP126: 05/04/2010 08:14:11 - SiSoftware Sandra Lite
    RP127: 06/04/2010 19:52:01 - Software Distribution Service 3.0
    RP128: 07/04/2010 21:54:12 - Software Distribution Service 3.0
    RP129: 08/04/2010 00:28:37 - SiSoftware Sandra Lite
    RP130: 08/04/2010 00:36:36 - Revo Uninstaller's restore point - SiSoftware Sandra Lite 2010c
    RP131: 08/04/2010 00:36:45 - SiSoftware Sandra Lite
    RP132: 08/04/2010 11:12:12 - Revo Uninstaller's restore point - Icon to Any
    RP133: 08/04/2010 11:12:58 - Revo Uninstaller's restore point - Stay Secure
    RP134: 08/04/2010 18:00:17 - Unsigned driver install
    RP135: 09/04/2010 02:49:55 - Software Distribution Service 3.0
    RP136: 10/04/2010 20:11:31 - System Checkpoint
    RP137: 11/04/2010 17:44:00 - Software Distribution Service 3.0
    RP138: 12/04/2010 00:12:33 - Software Distribution Service 3.0
    RP139: 13/04/2010 15:13:40 - Software Distribution Service 3.0
    RP140: 13/04/2010 16:31:55 - Unsigned driver install
    RP141: 13/04/2010 20:49:46 - Revo Uninstaller's restore point - 3Connect
    RP142: 13/04/2010 20:50:03 - Removed 3Connect
    RP143: 13/04/2010 20:52:40 - Installed 3Connect
    RP144: 14/04/2010 11:47:38 - Software Distribution Service 3.0
    RP145: 14/04/2010 11:54:33 - Installed Java(TM) 6 Update 19
    RP146: 14/04/2010 12:13:10 - Revo Uninstaller's restore point - FLV to AVI MPEG WMV 3GP MP4 iPod Converter 5.2.0603
    RP147: 14/04/2010 12:13:50 - Revo Uninstaller's restore point - Free FLV Player V0.05
    RP148: 15/04/2010 21:13:09 - Software Distribution Service 3.0
    RP149: 16/04/2010 19:41:57 - Software Distribution Service 3.0
    RP150: 17/04/2010 17:47:42 - Software Distribution Service 3.0
    RP151: 18/04/2010 19:36:06 - Software Distribution Service 3.0
    RP152: 18/04/2010 22:51:58 - Installed %1 %2.
    RP153: 19/04/2010 14:26:13 - Advanced SystemCare RestorePoint
    RP154: 20/04/2010 11:59:35 - Software Distribution Service 3.0
    RP155: 20/04/2010 23:16:16 - Software Distribution Service 3.0
    RP156: 21/04/2010 21:18:49 - Software Distribution Service 3.0
    RP157: 21/04/2010 23:00:09 - Revo Uninstaller's restore point - Advanced SystemCare 3
    RP158: 21/04/2010 23:08:18 - Revo Uninstaller's restore point - Discovery 3D Screensaver 1.1
    RP159: 21/04/2010 23:09:03 - Revo Uninstaller's restore point - Spirit of Fire 3D Screensaver 2.4
    RP160: 21/04/2010 23:10:08 - Revo Uninstaller's restore point - Western Railway NV 3D Screensaver 2.0
    RP161: 22/04/2010 18:11:25 - Revo Uninstaller's restore point - Smart Defrag

    ==== Installed Programs ======================

    3Connect
    7-Zip 4.65
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.2
    Advanced SystemCare 3
    Agent Ransack Version 1.7.3
    Analog Clock
    Analog Graphite clock
    Analog vista clock
    Apple Application Support
    Apple Software Update
    ASRock InstantBoot v1.23
    Big Ben
    Bravo 2-5
    BurnInTest v6.0 Standard
    Calendar Clock
    Call of Duty
    Call of Duty(R) - World at War(TM)
    Call of Duty(R) 4 - Modern Warfare(TM)
    Call of Duty: Modern Warfare 2
    Call of Duty: Modern Warfare 2 - Multiplayer
    CCleaner
    Concise Oxford English Dictionary (Eleventh Edition)
    Conflict Desert Storm II
    Conflict Global Storm
    CPUID CPU-Z 1.53
    Desert Storm
    Disk Investigator 1.5
    Driver Sweeper 2.1.0
    EAX4 Unified Redist
    eBook Reader
    ERUNT 1.1j
    EVEREST Home Edition v2.20
    Express Burn
    Far Cry
    Far Cry (Patch 1.3)
    Far Cry (Patch 1.31)
    Far Cry 2
    Far Cry K-9 Vision 1.1
    First to Fight
    Frostbite Full version 1.2
    Game Booster
    Ghost Recon
    Ghost Recon Advanced Warfighter
    GRAW Patch 1.35
    Hidden & Dangerous 2
    Hidden & Dangerous 2 Sabre Squadron
    HijackThis 2.0.2
    Hitman's Arsenal
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB979306)
    Intel(R) Graphics Media Accelerator Driver
    InterVideo WinDVD
    Java Auto Updater
    Java(TM) 6 Update 19
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    Medal of Honor Pacific Assault(tm)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Automated Troubleshooting Services Shim
    Microsoft Choice Guard
    Microsoft Fix it Center
    Microsoft IntelliType Pro 7.0
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.4
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Outlook Hotmail Connector 32-bit (Beta)
    Microsoft Outlook Personal Folders Backup
    Microsoft Search Enhancement Pack
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.6.3)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    neroxml
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    old style analog clock
    Opera 10.51
    PhysX Screen Saver
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Recuva
    Revo Uninstaller 1.85
    Secret Weapons Over Normandy
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB978380)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB978382)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB980470)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980232)
    Segoe UI
    SIW version 2009.10.22
    Speccy
    SpeedFan (remove only)
    Steam
    System Requirements Lab
    The 22nd SAS Equipment Modification v1.0
    Time and Date 1.32
    Tom Clancy's Ghost Recon Advanced Warfighter® 2
    Tweak UI
    Unlocker 1.8.8
    Update for 2007 Microsoft Office System (KB967642)
    Update for 2007 Microsoft Office System (KB981715)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Outlook 2007 Junk Email Filter (kb981433)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Visual Studio Tools for the Office system 3.0 Runtime
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live OneCare safety scanner
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    WinPatrol
    WinPatrol 2007 Restore/Remove First
    WinPatrol 2009
    World+Clock
    WOT for Internet Explorer
    ZTE_MF627_USB_MODEM_1.2059.0.4

    ==== End Of File ===========================




    DDS (Ver_10-03-17.01) - NTFSx86
    Run by User 1 at 20:10:30.03 on 22/04/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1354 [GMT 1:00]

    AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Documents and Settings\User 1\Local Settings\Application Data\Analog Clock\Analog Clock.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\3 Mobile Broadband\3Connect\AutoUpdateSrv.exe
    C:\Program Files\3 Mobile Broadband\3Connect\WilogApp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.telegraph.co.uk/
    mURLSearchHooks: H - No File
    BHO: AutorunsDisabled - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
    mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\user1~1\startm~1\programs\startup\analog~1.lnk - c:\documents and settings\user 1\local settings\application data\analog clock\Analog Clock.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
    DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    TCP: {1546FDED-AA4B-4712-A94C-BEA75CF99E18} = 217.171.135.1 217.171.132.1
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\user1~1\applic~1\mozilla\firefox\profiles\aom3fm04.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.timesonline.co.uk/tol/news/
    FF - plugin: c:\documents and settings\user 1\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: browser.xul.error_pages.enabled - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 8191
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 32
    FF - user.js: network.http.max-connections-per-server - 8
    FF - user.js: network.http.max-persistent-connections-per-proxy - 8
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 149040]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-11-23 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 66632]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-2-3 54752]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 12872]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-13 1691480]
    S3 jgameenp;jgameenp;\??\c:\docume~1\user1~1\locals~1\temp\jgameenp.sys --> c:\docume~1\user1~1\locals~1\temp\jgameenp.sys [?]
    S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-9-7 7680]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 266544]
    S4 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

    =============== Created Last 30 ================

    2010-04-22 00:05:52 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
    2010-04-19 15:33:54 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit
    2010-04-19 13:25:10 0 d-----w- c:\docume~1\user1~1\applic~1\IObit
    2010-04-18 21:52:49 0 d-----w- c:\windows\MATS
    2010-04-18 21:52:49 0 d-----w- c:\program files\Microsoft Fix it Center
    2010-04-14 10:54:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-04-13 19:53:13 0 d-----w- c:\docume~1\user1~1\applic~1\Birdstep Technology
    2010-04-13 19:53:03 10240 ------w- c:\windows\system32\drivers\mdvrmng.sys
    2010-04-13 15:28:50 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2010-04-13 15:28:50 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-04-13 15:28:50 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-04-13 15:28:50 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
    2010-04-13 15:28:49 4075520 ----a-w- c:\windows\system32\nvcuda.dll
    2010-04-13 15:28:49 227944 ----a-w- c:\windows\system32\nvcodins.dll
    2010-04-13 15:28:49 227944 ----a-w- c:\windows\system32\nvcod.dll
    2010-04-13 15:28:49 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-04-13 15:28:49 1097728 ----a-w- c:\windows\system32\nvapi.dll
    2010-04-13 15:28:48 2183470 ----a-w- c:\windows\system32\nvdata.bin
    2010-04-13 15:28:43 0 d-----w- C:\NVIDIA
    2010-04-13 14:38:26 0 d-----w- C:\NvIdia Drivers
    2010-04-08 17:00:17 43136 ----a-r- c:\windows\system32\drivers\ser2pl.sys
    2010-04-05 07:15:36 0 d-----w- c:\program files\SiSoftware
    2010-04-03 18:23:18 278120 ----a-w- c:\windows\system32\nvmccs.dll
    2010-04-03 18:23:16 154216 ----a-w- c:\windows\system32\nvsvc32.exe
    2010-04-03 18:23:16 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2010-04-03 18:23:16 13670504 ----a-w- c:\windows\system32\nvcpl.dll
    2010-04-03 18:23:16 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-04-03 18:23:00 229376 ----a-w- c:\windows\system32\nvrszhc.dll
    2010-04-03 18:23:00 126976 ----a-w- c:\windows\system32\nvrszht.dll
    2010-04-03 00:44:31 0 d-----w- c:\windows\system32\wbem\Repository
    2010-04-01 23:51:38 0 d-----w- c:\windows\system32\temp
    2010-04-01 23:51:38 0 d-----w- c:\docume~1\alluse~1\applic~1\PassMark
    2010-04-01 23:51:33 0 d-----w- c:\program files\BurnInTest
    2010-03-26 10:06:12 0 d-----w- c:\program files\Disk Investigator

    ==================== Find3M ====================

    2010-04-14 10:54:40 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-04-12 18:47:54 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-04-03 22:55:31 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
    2010-04-03 22:55:31 10232128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2010-03-29 14:24:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-29 14:24:46 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-27 22:25:11 20480 ----a-w- c:\windows\system32\H@tKeysH@@k.DLL
    2010-02-26 00:05:20 60244 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-24 09:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 10:03:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-01-24 14:19:27 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2004-02-20 15:22:58 7031 ----a-w- c:\program files\DevMode.lua

    ============= FINISH: 20:10:36.79 ===============
  2. 2010/04/24
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    SAS and WOT
    A False Positive means the security program erroneously identifies the file as malicious when in fact it is not.