ComboFix 13-12-18.01 - DUANE 12/18/2013 18:56:47.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.504.231 [GMT -7:00]
Running from: c:\documents and settings\DUANE\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\readme.txt
.
.
((((((((((((((((((((((((( Files Created from 2013-11-19 to 2013-12-19 )))))))))))))))))))))))))))))))
.
.
2013-12-18 23:55 . 2013-12-18 23:55 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2013-12-18 17:35 . 2013-12-18 17:40 -------- d-----w- C:\AdwCleaner
2013-12-18 10:50 . 2013-12-18 10:50 -------- d-----w- c:\documents and settings\DUANE\Application Data\SUPERAntiSpyware.com
2013-12-18 10:49 . 2013-12-18 10:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-12-18 10:49 . 2013-12-18 10:49 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2013-12-18 07:54 . 2013-12-18 07:54 51416 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-18 07:45 . 2013-12-18 07:45 -------- d-----w- c:\program files\FileASSASSIN
2013-12-18 06:31 . 2013-12-18 06:31 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-12-18 06:31 . 2013-12-18 06:31 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-18 06:31 . 2013-12-18 06:31 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-18 06:31 . 2013-12-18 06:31 410528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-12-18 06:31 . 2013-12-18 06:31 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-18 06:31 . 2013-12-10 23:11 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-18 06:31 . 2013-12-18 06:31 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-12-18 06:31 . 2013-12-18 06:31 43152 ----a-w- c:\windows\avastSS.scr
2013-12-18 04:50 . 2013-12-18 23:55 -------- d-----w- c:\windows\system32\CatRoot2
2013-12-18 04:24 . 2013-12-18 04:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-18 04:24 . 2013-04-04 21:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-17 22:31 . 2013-12-17 22:31 -------- d-----w- C:\_OTL
2013-12-17 21:10 . 2013-12-18 04:53 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-12-17 21:07 . 2013-12-17 21:07 -------- d-----w- C:\RegBackup
2013-12-17 20:53 . 2001-08-17 21:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2013-12-17 20:53 . 2001-08-17 19:11 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys
2013-12-17 20:53 . 2008-04-14 05:06 10880 -c--a-w- c:\windows\system32\dllcache\admjoy.sys
2013-12-17 20:53 . 2001-08-17 19:19 747392 -c--a-w- c:\windows\system32\dllcache\adm8830.sys
2013-12-17 20:53 . 2001-08-17 19:19 553984 -c--a-w- c:\windows\system32\dllcache\adm8820.sys
2013-12-17 20:53 . 2001-08-17 19:19 584448 -c--a-w- c:\windows\system32\dllcache\adm8810.sys
2013-12-17 20:53 . 2001-08-17 20:53 7424 -c--a-w- c:\windows\system32\dllcache\adicvls.sys
2013-12-17 20:53 . 2001-08-17 19:11 20160 -c--a-w- c:\windows\system32\dllcache\adm8511.sys
2013-12-17 20:53 . 2001-08-18 05:36 61440 -c--a-w- c:\windows\system32\dllcache\acerscad.dll
2013-12-17 20:51 . 2013-12-17 20:51 -------- d-----w- c:\program files\Tweaking.com
2013-12-17 20:27 . 2013-12-17 20:27 -------- d-----w- C:\TDSSKiller_Quarantine
2013-12-16 20:42 . 2013-12-18 05:23 -------- d-----w- c:\documents and settings\DUANE\Application Data\ElevatedDiagnostics
2013-12-16 18:22 . 2013-12-18 20:23 -------- d-----w- c:\windows\system32\NtmsData
2013-12-16 18:11 . 2013-12-18 07:25 -------- d-sh--w- c:\windows\Installer
2013-12-16 04:29 . 2013-12-17 03:19 -------- d-----w- c:\program files\Free Window Registry Repair
2013-12-16 02:40 . 2013-12-16 02:40 -------- d-----w- C:\yenicag
2013-12-15 15:48 . 2013-12-15 16:36 -------- d-----w- c:\documents and settings\DUANE\Application Data\ImgBurn
2013-12-15 07:49 . 2013-12-15 07:49 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-12-15 07:48 . 2013-12-15 07:48 -------- d-----w- c:\program files\ImgBurn
2013-12-15 05:46 . 2013-12-15 05:46 -------- d-----w- c:\program files\SysTools BKF Recovery
2013-12-15 01:53 . 2013-12-15 01:52 47564 ----a-w- c:\windows\system32\NTDETECT.COM
2013-12-14 17:48 . 2013-12-14 17:48 -------- d-----w- c:\program files\EaseUS
2013-12-13 08:25 . 2013-12-13 10:43 -------- d-----w- c:\windows\system32\CatRoot_bak
2013-12-12 18:24 . 2013-12-12 18:24 3038 ------w- C:\fix_svchost.bat
2013-12-12 16:56 . 2013-12-15 21:42 -------- d--h--w- c:\windows\system32\GroupPolicy
2013-12-12 12:48 . 2013-12-12 12:48 -------- d-----w- c:\documents and settings\DUANE\Local Settings\Application Data\Help
2013-12-12 11:59 . 2013-12-12 13:44 -------- d-----w- c:\documents and settings\Administrator
2013-12-12 09:50 . 2013-12-12 09:50 -------- d-----w- c:\documents and settings\MARILYN\Application Data\AVAST Software
2013-12-12 01:57 . 2013-12-18 09:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-12-12 00:39 . 2013-12-12 00:39 -------- d-----w- c:\documents and settings\DUANE\Application Data\Malwarebytes
2013-12-12 00:39 . 2013-12-12 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-12-10 23:16 . 2013-12-10 23:16 -------- d-----w- c:\documents and settings\DUANE\Application Data\AVAST Software
2013-11-26 11:19 . 2013-11-26 11:20 -------- d-----w- c:\documents and settings\DUANE\Application Data\Tibia
2013-11-26 11:19 . 2013-12-12 17:07 -------- d-----w- c:\program files\Tibia
2013-11-26 05:47 . 2013-12-16 18:08 -------- d-----w- c:\windows\sd_old
2013-11-25 22:36 . 2013-11-25 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Licenses
2013-11-25 22:36 . 2011-11-04 12:13 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2013-11-25 22:36 . 2009-03-24 19:52 129872 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2013-11-25 22:36 . 2013-11-25 22:50 -------- d-----w- c:\program files\SpywareBlaster
2013-11-25 00:11 . 2013-11-25 00:19 -------- d-----w- C:\temp
2013-11-24 06:43 . 2013-11-24 07:02 -------- d-----w- C:\ARENA
2013-11-23 01:35 . 2010-06-02 11:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-11-23 01:35 . 2010-06-02 11:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-11-23 01:35 . 2010-06-02 11:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2013-11-23 01:35 . 2010-05-26 18:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-11-23 01:35 . 2010-05-26 18:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2013-11-23 01:35 . 2010-05-26 18:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-11-23 01:35 . 2010-05-26 18:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2013-11-23 01:35 . 2010-05-26 18:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-18 06:31 . 2012-10-01 22:59 270240 ----a-w- c:\windows\system32\aswBoot.exe
2013-12-16 02:05 . 2006-02-28 12:00 125952 ----a-w- c:\windows\system32\apphelp.dll
2013-12-13 21:27 . 2006-02-28 12:00 21504 ----a-w- c:\windows\system32\rcp.exe
2013-12-12 23:28 . 2006-02-28 12:00 337920 ----a-w- c:\windows\system32\filemgmt.dll
2013-12-12 12:31 . 2006-02-28 12:00 14336 ----a-w- c:\windows\system32\svchost.exe
2013-12-11 16:50 . 2006-09-29 01:56 55808 -c--a-w- c:\windows\system32\WudfSvc.dll
2013-12-11 08:37 . 2012-10-02 00:11 692616 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 08:37 . 2012-10-02 00:11 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-13 02:59 . 2006-02-28 12:00 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2006-02-28 12:00 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03 . 2012-10-01 23:39 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-23 23:45 . 2006-02-28 12:00 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-12 15:56 . 2006-02-28 12:00 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2006-02-28 12:00 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2006-02-28 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2012-10-05 16:31 . 2012-10-05 16:30 207830277 -c--a-w- c:\program files\DarkAges735single.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-18 06:31 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-12-17 5625624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-18 3764024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [12/17/2013 11:31 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [12/17/2013 11:31 PM 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/17/2013 11:31 PM 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/17/2013 11:31 PM 410528]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [12/17/2013 11:31 PM 67824]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/17/2013 9:24 PM 22856]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [10/10/2013 3:54 PM 120088]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/17/2013 9:24 PM 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/17/2013 9:24 PM 701512]
S3 STV673;WebCam II;c:\windows\system32\drivers\stv673.sys [11/14/2012 2:34 PM 103548]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 10:43 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-02 08:38]
.
2013-12-18 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-01 06:30]
.
2013-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-01 23:00]
.
2013-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-01 23:00]
.
2013-12-18 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 2764afb3-400c-42b2-a98a-13b666dc5abd.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2013-12-18 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task da951e1a-edc7-45fd-b860-c5ce56d98db1.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 69.145.248.4 69.146.17.2 69.144.49.29
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-18 19:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE40.BrowseUI\RegBackup]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(528)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2013-12-18 19:15:07
ComboFix-quarantined-files.txt 2013-12-19 02:15
ComboFix2.txt 2013-12-18 03:43
.
Pre-Run: 54,293,708,800 bytes free
Post-Run: 54,288,326,656 bytes free
.
- - End Of File - - 83E64C6B2A9FC9D3FD87C26DFAC811B0 8F558EB6672622401DA993E1E865C861