ComboFix 12-06-23.06 - NAVEENKS 06/23/2012  23:32:24.1.4 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.3892.770 [GMT -7:00]
Running from: c:\users\naveenks\Desktop\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Trend Micro OfficeScan Anti-spyware *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Resident AV is active
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\naveenks\AppData\Local\ATT Connect\Participant\MSMAsk32.ocx
c:\windows\TEMP\svchost.exe
.
.
(((((((((((((((((((((((((   Files Created from 2012-05-24 to 2012-06-24  )))))))))))))))))))))))))))))))
.
.
2012-06-24 06:39 . 2012-06-24 06:39	--------	d-----w-	c:\users\sms2003svc\AppData\Local\temp
2012-06-24 06:39 . 2012-06-24 06:39	--------	d-----w-	c:\users\jasonwe\AppData\Local\temp
2012-06-24 06:39 . 2012-06-24 06:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-24 06:39 . 2012-06-24 06:39	--------	d-----w-	c:\users\BOPCADMIN\AppData\Local\temp
2012-06-16 01:13 . 2012-06-24 06:36	--------	d-----w-	C:\TEMP
2012-06-13 06:31 . 2012-06-13 06:31	--------	d-----w-	c:\users\naveenks\AppData\Roaming\Stamps.com Internet Postage
2012-06-13 06:29 . 2012-06-24 00:28	--------	d-----w-	c:\program files (x86)\Stamps.com Internet Postage
2012-06-13 06:27 . 2012-06-13 06:27	--------	d-----w-	c:\users\naveenks\AppData\Local\Seven Zip
2012-06-07 01:02 . 2012-06-07 01:02	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-07 01:02 . 2012-06-07 01:02	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-04 19:19 . 2012-06-04 21:20	--------	d-----w-	C:\TopologyEditor8.2
2012-05-26 14:57 . 2012-05-26 14:57	--------	d-----w-	c:\program files (x86)\ESET
2012-05-25 22:14 . 2012-05-25 22:14	--------	d-----w-	c:\programdata\Citrix
2012-05-25 22:13 . 2012-05-25 22:32	--------	d-----w-	c:\users\naveenks\AppData\Roaming\ICAClient
2012-05-25 22:13 . 2012-05-25 22:13	--------	d-----w-	c:\users\naveenks\AppData\Local\Citrix
2012-05-25 22:13 . 2012-05-25 22:13	--------	d-----w-	c:\program files (x86)\Citrix
2012-05-25 16:53 . 2012-05-25 16:55	--------	d-----w-	c:\users\Administrator
2012-05-25 16:47 . 2012-05-25 16:47	--------	d-----w-	c:\program files\Microsoft
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-22 01:30 . 2011-12-20 17:59	1327104	----a-w-	c:\windows\HP DDM Inventory Agent (x86) 7.61.000.9328.msi
2012-05-22 01:30 . 2011-12-20 17:59	180224	----a-w-	c:\windows\ovedagentinstaller.exe
2012-04-26 20:33 . 2012-04-26 20:33	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-04-26 20:33 . 2012-04-26 20:33	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-04-26 20:33 . 2012-04-26 20:33	1798656	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-04-26 20:33 . 2012-04-26 20:33	1127424	----a-w-	c:\windows\SysWow64\wininet.dll
2012-04-26 20:33 . 2012-04-26 20:33	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-04-26 20:33 . 2012-04-26 20:33	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-04-26 20:33 . 2012-04-26 20:33	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-04-26 20:33 . 2012-04-26 20:33	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-04-26 20:33 . 2012-04-26 20:33	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-04-26 20:33 . 2012-04-26 20:33	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-04-26 20:33 . 2012-04-26 20:33	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-04-26 20:33 . 2012-04-26 20:33	1427456	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-04-26 20:33 . 2012-04-26 20:33	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-04-26 20:33 . 2012-04-26 20:33	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2012-04-26 20:33 . 2012-04-26 20:33	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-04-26 20:33 . 2012-04-26 20:33	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-04-26 20:33 . 2012-04-26 20:33	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-04-26 20:33 . 2012-04-26 20:33	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-04-26 20:33 . 2012-04-26 20:33	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-04-26 20:33 . 2012-04-26 20:33	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2012-04-26 20:33 . 2012-04-26 20:33	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2012-04-26 20:33 . 2012-04-26 20:33	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-04-26 20:33 . 2012-04-26 20:33	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-04-26 20:33 . 2012-04-26 20:33	222208	----a-w-	c:\windows\system32\msls31.dll
2012-04-26 20:33 . 2012-04-26 20:33	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-04-26 20:33 . 2012-04-26 20:33	1390080	----a-w-	c:\windows\system32\wininet.dll
2012-04-26 20:33 . 2012-04-26 20:33	12288	----a-w-	c:\windows\system32\mshta.exe
2012-04-26 20:33 . 2012-04-26 20:33	114176	----a-w-	c:\windows\system32\admparse.dll
2012-04-26 20:33 . 2012-04-26 20:33	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-04-26 20:33 . 2012-04-26 20:33	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-04-26 20:33 . 2012-04-26 20:33	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-04-26 20:33 . 2012-04-26 20:33	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-04-26 20:33 . 2012-04-26 20:33	2308096	----a-w-	c:\windows\system32\jscript9.dll
2012-04-26 20:33 . 2012-04-26 20:33	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-04-26 20:33 . 2012-04-26 20:33	111616	----a-w-	c:\windows\system32\iesysprep.dll
2012-04-26 20:33 . 2012-04-26 20:33	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-04-26 20:33 . 2012-04-26 20:33	448512	----a-w-	c:\windows\system32\html.iec
2012-04-26 20:33 . 2012-04-26 20:33	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-04-26 20:33 . 2012-04-26 20:33	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-04-26 20:33 . 2012-04-26 20:33	160256	----a-w-	c:\windows\system32\wextract.exe
2012-04-26 20:33 . 2012-04-26 20:33	1493504	----a-w-	c:\windows\system32\inetcpl.cpl
2012-04-26 20:33 . 2012-04-26 20:33	603648	----a-w-	c:\windows\system32\vbscript.dll
2012-04-16 18:22 . 2012-03-23 21:48	62736	----a-r-	c:\users\naveenks\AppData\Roaming\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\PullClientStartSho_CD6A27034E724245941D2EB3A8CF0DD5.exe
2012-04-16 18:22 . 2012-03-23 21:48	62736	----a-r-	c:\users\naveenks\AppData\Roaming\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\ParticipantStartSh_DF0BA5751BF84E0AABDD4B6DA83B3B0C.exe
2012-04-16 18:22 . 2012-03-23 21:48	62736	----a-r-	c:\users\naveenks\AppData\Roaming\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\NewShortcut11_0A40599CA5B444D89111273D573729A6.exe
2012-04-16 18:22 . 2012-03-23 21:48	62736	----a-r-	c:\users\naveenks\AppData\Roaming\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\MyATTStartShortcut_37B266125E564D7BBC298658403757C7.exe
2012-04-16 18:22 . 2012-03-23 21:48	62736	----a-r-	c:\users\naveenks\AppData\Roaming\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\LSUStartShortcut1_0C445A24F06A4871AC024995E6B63EA6.exe
2012-04-16 18:22 . 2012-03-23 21:48	58640	----a-r-	c:\users\naveenks\AppData\Roaming\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\MyATTDesktopShortc_F98F597BB2C24BCA8A2E00E99FF50C40.exe
2012-04-16 18:22 . 2012-03-23 21:48	46352	----a-r-	c:\users\naveenks\AppData\Roaming\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\ParticipantHelpSta_AFE5E24C07B1432883124EEC348980E5.exe
2012-04-16 18:22 . 2012-03-23 21:48	62736	----a-r-	c:\users\naveenks\AppData\Roaming\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\LSUDesktopShortcut_5E8B335F6B1645798E61AE17118989A8.exe
2012-04-16 18:22 . 2012-03-23 21:48	62736	----a-r-	c:\users\naveenks\AppData\Roaming\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\ARPPRODUCTICON.exe
2012-04-04 22:56 . 2012-05-24 12:45	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-30 16:45 . 2011-12-20 00:00	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-03-28 18:36 . 2012-03-28 18:37	525544	----a-w-	c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
@="{80E008A4-EAE7-4867-AEB0-1A245F070F25}"
[HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
2010-09-24 20:18	873472	----a-w-	c:\program files\Perforce\p4exp.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
@="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}"
[HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
2010-09-24 20:18	873472	----a-w-	c:\program files\Perforce\p4exp.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
@="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}"
[HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
2010-09-24 20:18	873472	----a-w-	c:\program files\Perforce\p4exp.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Push Client"="c:\users\naveenks\AppData\Local\ATT Connect\Participant\pull.exe" [2010-06-03 965872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2012-01-27 12065056]
"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" [2011-08-29 1836592]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-08-24 115560]
"EDFcsn"="c:\program files (x86)\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe" [2012-04-20 177720]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
.
c:\users\naveenks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableInstallerDetection"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowCpl"= 1 (0x1)
"ForceRunOnStartMenu"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u wsauth
.
R1 SASDIFSV;SASDIFSV;c:\users\naveenks\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\naveenks\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 prgnDiscAgent;HP DDMI Agent;c:\program files (x86)\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe [2012-04-20 775736]
R3 dcdbas;System Management Driver;c:\windows\system32\DRIVERS\dcdbas64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 OracleOraDb11g_home1ClrAgent;OracleOraDb11g_home1ClrAgent;c:\oracle\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe [2010-03-12 83968]
R3 OracleServiceMM82;OracleServiceMM82;c:\oracle\product\11.2.0\dbhome_1\bin\ORACLE.EXE MM82 [x]
R3 OracleVssWriterMM82;Oracle MM82 VSS Writer Service;c:\oracle\product\11.2.0\dbhome_1\bin\OraVSSW.exe MM82 [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PSEXESVC;PsExec;c:\windows\PSEXESVC.EXE [2012-01-04 53248]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe64.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 ssudnflt;Remote NDIS Filter Driver;c:\windows\system32\DRIVERS\ssudnflt.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TmProxy;OfficeScan NT Proxy Service;c:\program files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [2011-04-15 918032]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 OracleJobSchedulerMM82;OracleJobSchedulerMM82;c:\oracle\product\11.2.0\dbhome_1\Bin\extjob.exe MM82 [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 A180WD;A180WD;c:\progra~2\Aternity\Agent\A180WD.exe [2011-03-22 178176]
S2 MYCOMPANYSIMS;MYCOMPANY SIMS;c:\windows\system32\sims\MYCOMPANYSIMS.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 MBAMAgent;BitLocker Management Client Service;c:\program files\Microsoft\MDOP MBAM\MBAMAgent.exe [2011-06-14 239528]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 OracleDBConsolemm82;OracleDBConsolemm82;c:\oracle\product\11.2.0\dbhome_1\bin\nmesrvc.exe [2010-03-02 35328]
S2 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\oracle\product\11.2.0\dbhome_1\BIN\TNSLSNR  [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [2011-07-12 342288]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [2011-07-12 42768]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 114024]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
S2 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [2011-02-19 494192]
S2 wsnm_usbctrl;VMware View USB Control;c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe [2011-02-19 1120368]
S3 A180AG;A180AG;c:\program files (x86)\Aternity\Agent\A180AG.exe [2011-03-22 20480]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\Drivers\vmwvusb.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-143744227-174999600-642189945-171198Core.job
- c:\users\naveenks\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 19:11]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-143744227-174999600-642189945-171198UA.job
- c:\users\naveenks\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 19:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
@="{80E008A4-EAE7-4867-AEB0-1A245F070F25}"
[HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
2010-09-24 19:23	1122816	----a-w-	c:\program files\Perforce\p4exp64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
@="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}"
[HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
2010-09-24 19:23	1122816	----a-w-	c:\program files\Perforce\p4exp64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
@="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}"
[HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
2010-09-24 19:23	1122816	----a-w-	c:\program files\Perforce\p4exp64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-04 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-04 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-04 415256]
"TpShocks"="TpShocks.exe" [2011-01-14 380776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.ap.MYCOMPANY.com;*.na.MYCOMPANY.com;*eu.MYCOMPANY.com;meet.MYCOMPANY.com;erpdbsso*;erpprodsso*;*corp.MYCOMPANY.com;10.*;local;aps*;bentz*;erp*;nemo*;*.na.MYCOMPANY.com;*.corp.MYCOMPANY.com;erpdbsso*;*10.21.112*;*indlin182*;*d3icr1m1*;*10.232.192*;*inlincr*;*10.72.109*;*wiki.web.att.com*;*d3icr1m1*;*cisrc.sbc.com*;D3icr1m1.snt.bst.bls.com;139.76.214.207;<local>
uInternet Settings,ProxyServer = genproxy:8080
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{9FCE0361-EBEC-4EBA-AE4A-34967AABFF01} - c:\windows\SysWOW64\IEProxy.exe
Trusted Zone: amadeus.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
FF - ProfilePath - c:\users\naveenks\AppData\Roaming\Mozilla\Firefox\Profiles\cz2x9amd.default\
FF - prefs.js: network.proxy.ftp - genproxy.MYCOMPANY.com
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - genproxy.MYCOMPANY.com
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - genproxy.MYCOMPANY.com
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - genproxy.MYCOMPANY.com
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-MYCOMPANYCRM SmartClient - c:\windows\system32\javaws.exe
.
.
"ImagePath"="System32\Drivers\BTHUSB.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\C:/Program Files/Perforce]
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\OracleOraDb11g_home1ClrAgent]
"ImagePath"="c:\oracle\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS=\"EXTPROC_DLLS=ONLY:c:\oracle\product\11.2.0\dbhome_1\bin\oraclr11.dll\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\OracleOraDb11g_home1TNSListener]
"ImagePath"="c:\oracle\product\11.2.0\dbhome_1\BIN\TNSLSNR "
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MYCOMPANYSIMS]
"ImagePath"="c:\windows\system32\sims\MYCOMPANYSIMS.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-23  23:43:15
ComboFix-quarantined-files.txt  2012-06-24 06:43
.
Pre-Run: 172,967,063,552 bytes free
Post-Run: 172,666,114,048 bytes free
.
- - End Of File - - 6BADC6FA0DB947244E4E558FCF06F52B