ComboFix 12-04-25.02 - Mark 04/26/2012 1:31.1.1 - x86
Running from: c:\users\Mark\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-26 to 2012-04-26 )))))))))))))))))))))))))))))))
.
.
2012-04-26 08:48 . 2012-04-26 08:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-26 08:34 . 2012-04-26 08:34 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2AB9E180-B5D9-4ABD-BF26-441A7DD82AEC}\offreg.dll
2012-04-26 08:06 . 2012-04-26 08:06 -------- d-----w- C:\_OTL
2012-04-15 08:54 . 2012-04-15 08:54 -------- d-----w- c:\program files\Common Files\Adobe
2012-04-15 06:59 . 2012-04-15 06:59 -------- d-----w- c:\programdata\Tarma Installer
2012-04-15 06:58 . 2012-04-15 06:58 -------- d-----w- c:\program files\uTorrent
2012-04-05 06:13 . 2012-04-05 06:13 -------- d-----w- c:\programdata\Malwarebytes
2012-04-05 06:13 . 2012-04-05 06:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-05 06:13 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-04 05:13 . 2012-03-20 10:53 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2AB9E180-B5D9-4ABD-BF26-441A7DD82AEC}\mpengine.dll
2012-04-03 07:57 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2012-04-03 06:54 . 2012-04-03 06:54 -------- d-----w- c:\windows\system32\Wat
2012-04-03 05:29 . 2009-11-25 19:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-04-03 05:29 . 2009-11-25 19:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-04-03 05:29 . 2009-11-25 19:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-04-03 05:29 . 2009-11-25 19:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-04-03 05:29 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-04-03 01:25 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2012-04-02 08:39 . 2012-04-02 08:39 -------- d-----w- c:\program files\MSXML 4.0
2012-04-02 08:39 . 2012-04-02 08:39 -------- d-----w- C:\a756b714c39790502327d4c32bb8986c
2012-04-02 08:39 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2012-04-02 08:38 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-02 08:38 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 05:37 . 2012-04-02 05:37 -------- d-----w- c:\program files\Camel Audio
2012-04-02 05:37 . 2012-04-02 05:37 -------- d-----w- c:\programdata\Camel Audio
2012-04-02 05:05 . 2012-04-02 05:05 -------- dc-h--w- c:\programdata\{93906220-8503-45CF-87CB-5A54C8DE1AB2}
2012-04-02 04:54 . 2008-06-04 21:56 344064 ----a-w- c:\windows\system32\rsp_ogg_player_ocx2.dll
2012-04-02 04:54 . 2000-07-15 05:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2012-04-02 04:54 . 1998-06-18 05:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2012-04-02 04:54 . 2008-06-04 21:56 344064 ----a-w- c:\windows\system32\rsp_ogg_player_ocx1.dll
2012-04-02 04:54 . 2003-05-10 00:01 372736 ----a-w- c:\windows\system32\vbwExtender.ocx
2012-04-02 04:54 . 1998-06-27 01:22 205848 ----a-w- c:\windows\system32\THREED32.OCX
2012-04-02 04:54 . 2004-03-10 11:15 224016 ----a-w- c:\windows\system32\TABCTL32.OCX
2012-04-02 04:54 . 2002-02-19 20:20 1328824 ----a-w- c:\windows\system32\SPR32X60.ocx
2012-04-02 04:54 . 2008-06-04 23:02 159744 ----a-w- c:\windows\system32\rsp_ogg_vorbis_ocx_320reg.ocx
2012-04-02 04:54 . 2004-03-10 11:15 212240 ----a-w- c:\windows\system32\RICHTX32.OCX
2012-04-02 04:54 . 2004-03-10 11:15 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2012-04-02 04:54 . 1999-12-07 22:30 557328 ----a-w- c:\windows\system32\DAO360.DLL
2012-04-02 04:53 . 2012-04-02 05:05 -------- d-----w- c:\program files\Hawkes Learning Systems
2012-04-02 04:52 . 2012-04-02 04:52 -------- d-----w- c:\windows\system32\Macromed
2012-04-02 04:51 . 2012-04-02 04:55 -------- d--h--w- c:\programdata\{A77F137D-236E-4155-A17D-2DA1AC94D44C}
2012-04-02 04:17 . 2011-04-11 21:29 64048 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
2012-04-02 04:17 . 2011-10-15 19:16 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-04-02 04:15 . 2011-10-15 19:16 64880 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-04-02 04:15 . 2011-10-15 19:16 165680 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-04-02 04:15 . 2011-10-15 19:16 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-04-02 04:15 . 2011-10-15 19:16 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-04-02 04:15 . 2011-10-15 19:16 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-04-02 04:15 . 2011-10-15 19:16 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-04-02 04:15 . 2011-10-15 19:16 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-04-02 04:15 . 2011-10-15 19:16 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-04-02 04:15 . 2011-10-15 19:16 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-04-02 04:15 . 2012-04-02 04:17 -------- d-----w- c:\program files\Common Files\Mcafee
2012-04-02 04:15 . 2012-04-24 02:08 -------- d-----w- c:\program files\McAfee
2012-04-02 04:08 . 2012-04-02 07:26 -------- d-----w- c:\programdata\McAfee
2012-04-02 04:01 . 2012-04-02 04:01 -------- d-----w- c:\program files\CCleaner
2012-04-02 04:01 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2012-04-02 04:01 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2012-04-02 03:59 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-04-02 03:58 . 2011-11-05 04:30 2048 ----a-w- c:\windows\system32\tzres.dll
2012-04-02 03:58 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-04-02 03:56 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2012-04-02 03:56 . 2011-11-19 14:06 67072 ----a-w- c:\windows\system32\packager.dll
2012-04-02 03:56 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
2012-04-02 03:56 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
2012-04-02 03:56 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
2012-04-02 03:56 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2012-04-02 03:56 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
2012-04-02 03:56 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
2012-04-02 03:56 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
2012-04-02 03:56 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2012-04-02 03:56 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2012-04-02 03:54 . 2011-11-17 05:39 224768 ----a-w- c:\windows\system32\schannel.dll
2012-04-02 03:52 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-04-02 03:52 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
2012-04-02 03:48 . 2012-04-09 08:18 -------- d-----w- c:\program files\VstPlugins
2012-04-02 03:48 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2012-04-02 03:47 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\system32\vorbis.acm
2012-04-02 03:47 . 2012-04-02 03:47 -------- d-----w- c:\program files\Outsim
2012-04-02 03:44 . 2012-04-02 03:47 -------- d-----w- c:\program files\Image-Line
2012-04-02 03:42 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
2012-04-02 03:41 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2012-04-02 03:40 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-04-02 03:40 . 2010-11-02 04:46 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-04-02 03:40 . 2010-11-02 04:23 107520 ----a-w- c:\windows\system32\cdd.dll
2012-04-02 03:26 . 2012-04-02 03:26 -------- d-----w- c:\program files\DIFX
2012-04-02 03:17 . 2012-04-02 03:17 -------- d-----w- c:\program files\LoudAudio
2012-04-02 03:15 . 2011-06-02 23:14 193088 ----a-w- c:\windows\system32\LoudAudioProp.dll
2012-04-02 03:15 . 2011-06-02 23:14 122944 ----a-w- c:\windows\system32\MackieAsio.dll
2012-04-02 03:15 . 2011-06-02 23:14 63552 ----a-w- c:\windows\system32\drivers\MackieUSB.sys
2012-04-02 03:15 . 2011-06-02 23:13 232448 ----a-w- c:\windows\Mackie64.exe
2012-04-02 03:15 . 2011-06-02 23:09 204800 ----a-w- c:\windows\Mackie.exe
2012-04-02 01:04 . 2012-04-02 01:04 -------- d-----w- c:\program files\VideoLAN
2012-04-01 05:56 . 2012-04-01 06:02 -------- d-----w- c:\program files\FoxTabVideoConverter
2012-04-01 05:18 . 2012-04-01 05:18 -------- d-----w- c:\programdata\CyberLink
2012-04-01 05:17 . 2012-04-01 05:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-04-01 05:17 . 2012-04-01 05:18 -------- d-----w- c:\program files\CyberLink
2012-04-01 05:11 . 2012-04-01 05:11 -------- d-----w- c:\program files\Common Files\InstallShield
2012-04-01 04:39 . 2012-04-01 06:02 -------- d-----w- c:\programdata\Nero
2012-04-01 04:39 . 2012-04-01 06:02 -------- d-----w- c:\program files\Common Files\Nero
2012-04-01 04:39 . 2012-04-01 06:02 -------- d-----w- c:\program files\Nero
2012-04-01 04:11 . 2000-06-26 18:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2012-04-01 04:11 . 2001-06-26 15:15 38912 ----a-w- c:\windows\system32\picn20.dll
2012-04-01 04:11 . 2001-07-07 01:24 283920 ----a-w- c:\windows\system32\ImagXpr5.dll
2012-04-01 04:11 . 2001-07-06 21:41 569344 ----a-w- c:\windows\system32\imagr5.dll
2012-04-01 04:11 . 2001-07-06 19:44 544768 ----a-w- c:\windows\system32\imagx5.dll
2012-04-01 04:11 . 2012-04-01 04:12 -------- d-----w- c:\program files\Common Files\Ahead
2012-04-01 04:11 . 2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2012-04-01 04:11 . 2012-04-01 04:27 -------- d-----w- c:\program files\Ahead
2012-04-01 03:47 . 2012-04-03 17:35 -------- d-----w- c:\windows\Panther
2012-04-01 03:47 . 2012-04-01 03:47 -------- d-----w- C:\Boot
2012-04-01 03:35 . 2003-06-19 00:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2012-04-01 03:35 . 2003-06-19 00:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2012-04-01 03:35 . 2012-04-01 03:35 -------- d-----w- C:\Windows.old
2012-04-01 03:34 . 2012-04-01 03:34 -------- d-----w- c:\program files\Microsoft ActiveSync
2012-04-01 03:33 . 2012-04-03 05:32 -------- d-----w- c:\program files\Microsoft.NET
2012-04-01 03:33 . 2012-04-01 03:33 -------- d-----w- c:\windows\PCHEALTH
2012-04-01 03:24 . 2012-02-23 16:18 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-04-01 03:18 . 2012-01-25 05:44 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-01 03:18 . 2012-01-25 05:44 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-01 03:18 . 2012-01-25 05:40 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-01 03:18 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-01 03:17 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-01 03:17 . 2012-02-15 04:22 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-01 03:17 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Loud Taskbar"="c:\program files\LoudAudio\MackieTaskbar.exe" [2011-06-02 579584]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-23 1318816]
"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 419904]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 HawkesUpdater;Hawkes Unattended Updater;c:\program files\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe [2003-04-18 8192]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-01-28 203080]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-15 87656]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-03 1343400]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-28 214904]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2011-04-11 64048]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-10-15 165680]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-10-15 64880]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-28 214904]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-28 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-28 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-12-07 160608]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-12-07 150856]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-10-15 57600]
S3 MackieUSB;Mackie Audio USB Driver;c:\windows\system32\DRIVERS\MackieUSB.sys [2011-06-02 63552]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-10-15 338176]
S3 netr73;Netopia RT73 Wireless Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-406179606-2168368824-3621562350-1000Core.job
- c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-02 03:07]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-406179606-2168368824-3621562350-1000UA.job
- c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-02 03:07]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-26 01:56:03
ComboFix-quarantined-files.txt 2012-04-26 08:55
.
Pre-Run: 39,862,603,776 bytes free
Post-Run: 39,636,246,528 bytes free
.
- - End Of File - - 6442CDB8497F4FFA0791D522775FFF15