Infected with svchost.exe Trojan.Agent

Here's the log from ComboFix:

ComboFix 13-04-04.01 - Ricky Lee 04/04/2013 17:47:31.2.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6069.4150 [GMT -5:00]

Running from: c:\users\Ricky Lee\Desktop\ComboFix.exe

AV: Microsoft Forefront Endpoint Protection *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Forefront Endpoint Protection *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2013-03-04 to 2013-04-04 )))))))))))))))))))))))))))))))

.

.

2013-04-04 22:52 . 2013-04-04 22:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-04 21:42 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1C490519-B23C-4760-93EC-BBA348720734}\mpengine.dll

2013-04-04 13:42 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-04-04 00:31 . 2013-04-04 00:31 -------- d-----w- c:\program files (x86)\Unlocker

2013-04-03 00:14 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-04-03 00:13 . 2013-02-28 13:57 9061376 ----a-w- c:\windows\system32\mshtml.dll

2013-04-03 00:13 . 2013-02-28 13:57 12296192 ----a-w- c:\windows\system32\ieframe.dll

2013-04-03 00:13 . 2013-02-28 13:57 2458112 ----a-w- c:\windows\system32\iertutil.dll

2013-04-03 00:13 . 2013-02-28 13:57 735744 ----a-w- c:\windows\system32\msfeeds.dll

2013-04-03 00:13 . 2013-02-28 13:57 1013248 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2013-03-30 05:51 . 2013-03-30 05:51 -------- d-----w- c:\users\Ricky Lee\AppData\Local\FLT

2013-03-30 01:43 . 2013-03-30 01:43 -------- d-----w- c:\programdata\ATI

2013-03-30 01:37 . 2013-03-30 01:37 0 ----a-w- c:\windows\ativpsrm.bin

2013-03-30 01:35 . 2013-03-30 01:35 -------- d-----w- c:\program files (x86)\AMD AVT

2013-03-30 01:35 . 2013-03-30 01:35 -------- d-----w- c:\program files (x86)\AMD APP

2013-03-30 01:35 . 2013-03-30 01:35 -------- d-----w- c:\program files\Common Files\ATI Technologies

2013-03-30 01:35 . 2013-03-30 01:35 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2013-03-30 01:33 . 2013-03-30 01:33 -------- d-----w- c:\program files (x86)\ATI Technologies

2013-03-30 01:32 . 2013-03-30 01:34 -------- d-----w- c:\program files\ATI Technologies

2013-03-30 01:32 . 2013-03-30 01:32 -------- d-----w- c:\program files\ATI

2013-03-30 01:32 . 2013-03-30 01:32 -------- d-----w- C:\AMD

2013-03-21 01:14 . 2013-01-07 23:13 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3367A3C5-2B99-486E-86AB-E874F1DF9F22}\gapaengine.dll

2013-03-09 06:53 . 2013-03-30 09:38 -------- d-----w- c:\programdata\GFACE

2013-03-07 23:55 . 2013-03-07 23:55 -------- d-----w- c:\program files (x86)\Phyxion.net

2013-03-07 07:01 . 2013-03-07 07:01 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-02 10:34 . 2012-01-15 05:11 282744 ------w- c:\windows\system32\MpSigStub.exe

2013-04-01 05:09 . 2013-02-16 06:56 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-04-01 05:09 . 2012-02-21 06:34 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2013-04-01 05:03 . 2012-02-21 06:21 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2013-03-13 07:00 . 2013-03-02 07:19 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-13 07:00 . 2013-03-02 07:19 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-03-07 07:01 . 2012-06-19 08:03 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-03-07 07:01 . 2012-01-21 00:34 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-02-26 20:05 . 2013-02-26 20:05 76288 ----a-w- c:\windows\system32\OpenVideo64.dll

2013-02-26 20:05 . 2013-02-26 20:05 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2013-02-26 20:05 . 2013-02-26 20:05 64000 ----a-w- c:\windows\system32\OVDecode64.dll

2013-02-26 20:05 . 2013-02-26 20:05 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2013-02-26 20:04 . 2013-02-26 20:04 29149696 ----a-w- c:\windows\system32\amdocl64.dll

2013-02-26 20:03 . 2013-02-26 20:03 23810048 ----a-w- c:\windows\SysWow64\amdocl.dll

2013-02-26 20:01 . 2013-02-26 20:01 54784 ----a-w- c:\windows\system32\OpenCL.dll

2013-02-26 20:01 . 2013-02-26 20:01 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll

2013-02-26 19:54 . 2013-02-26 19:54 5067264 ----a-w- c:\windows\system32\amdsc64.dll

2013-02-26 19:54 . 2013-02-26 19:54 4083200 ----a-w- c:\windows\SysWow64\amdsc.dll

2013-02-16 06:57 . 2013-02-16 06:56 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2013-02-12 05:45 . 2013-04-03 00:12 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-04-03 00:12 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-04-03 00:12 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 05:45 . 2013-04-03 00:12 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 04:48 . 2013-04-03 00:12 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-04-03 00:12 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-01-15 10:11 . 2013-01-15 10:11 110080 ----a-w- c:\windows\system32\DelayAPO.dll

2013-01-07 23:13 . 2013-01-13 03:52 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2013-01-05 05:53 . 2013-02-15 18:56 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-05 05:00 . 2013-02-15 18:56 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:00 . 2013-02-15 18:56 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-01-16 23:22 . 2012-01-16 23:22 293736 ----a-w- c:\program files\iTunesOutlookAddIn.dll

2012-01-16 23:22 . 2012-01-16 23:22 421736 ----a-w- c:\program files\iTunesHelper.exe

2012-01-16 23:22 . 2012-01-16 23:22 403304 ----a-w- c:\program files\iTunesAdmin.dll

2012-01-16 23:22 . 2012-01-16 23:22 156520 ----a-w- c:\program files\iTunesHelper.dll

2012-01-16 23:22 . 2012-01-16 23:22 9777000 ----a-w- c:\program files\iTunes.exe

2012-01-16 23:22 . 2012-01-16 23:22 20868968 ----a-w- c:\program files\iTunes.dll

2012-01-16 23:22 . 2012-01-16 23:22 803200 ----a-w- c:\program files\gnsdk_sdkmanager.dll

2012-01-16 23:22 . 2012-01-16 23:22 3035520 ----a-w- c:\program files\gnsdk_dsp.dll

2012-01-16 23:22 . 2012-01-16 23:22 287104 ----a-w- c:\program files\gnsdk_submit.dll

2012-01-16 23:22 . 2012-01-16 23:22 246144 ----a-w- c:\program files\gnsdk_musicid.dll

2011-11-15 02:16 . 2011-11-15 02:16 112488 ----a-w- c:\program files\ITDetector.ocx

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2013-01-07 446648]

"Akamai NetSession Interface"="c:\users\Ricky Lee\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"PWRISOVM.EXE"="e:\programs files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]

"Microsoft Pinyin IME Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2011-05-31 32112]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]

"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Z1"="c:\users\Ricky Lee\Desktop\mbar\mbar.exe" [2013-03-21 1363016]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\12240872.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]

R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;c:\preload64\procmon\AsPrOb64.sys [2008-01-04 11320]

R3 atillk64;atillk64;c:\program files (x86)\AMD GPU Clock Tool\atillk64.sys [x]

R3 bthav;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [2008-07-11 40448]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 52264]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-09-27 14448]

R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [2010-02-23 23680]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]

R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2009-07-24 11264]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-15 1255736]

R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-12-08 379520]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]

S2 Winferno Subscription Service;Winferno Subscription Service;c:\program files (x86)\Common Files\Winferno\WSS\WSS.exe [2012-05-31 132488]

S3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [2008-04-28 47160]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-04-21 76912]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-18 7680512]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-02 07:00]

.

2013-04-04 c:\windows\Tasks\GlaryInitialize.job

- c:\program files (x86)\Security Programs\Glary Utilities\initialize.exe [2012-02-27 06:26]

.

2013-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-454164672-1201679167-2793277201-1000Core.job

- c:\users\Ricky Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-21 07:29]

.

2013-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-454164672-1201679167-2793277201-1000UA.job

- c:\users\Ricky Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-21 07:29]

.

2013-04-04 c:\windows\Tasks\WSSHelper.job

- c:\program files (x86)\Common Files\Winferno\WSS\WSSHelper.exe [2012-01-15 20:41]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2011-05-26 59248]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local;<local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 10.50.0.1

FF - ProfilePath - c:\users\Ricky Lee\AppData\Roaming\Mozilla\Firefox\Profiles\k7ik1b4r.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.utexas.edu/

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-ASUS_Notebook_G73 - c:\windows\system32\ASUS_Notebook_G73.scr

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-04-04 17:55:39

ComboFix-quarantined-files.txt 2013-04-04 22:55

.

Pre-Run: 84,333,973,504 bytes free

Post-Run: 84,329,312,256 bytes free

.

- - End Of File - - F407DE38FB2E7B5C9DD96BEB17F28D20

The quickscan report:

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.04.04.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Ricky Lee :: RICKYLEE-PC [administrator]

4/4/2013 6:19:30 PM

mbam-log-2013-04-04 (18-19-30).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 219148

Time elapsed: 1 minute(s), 42 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Alright, I've done another quick scan after a restart. It seems good so far; here's the log:

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.04.05.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Ricky Lee :: RICKYLEE-PC [administrator]

4/5/2013 3:58:26 PM

mbam-log-2013-04-05 (15-58-26).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 219126

Time elapsed: 4 minute(s), 29 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
