ComboFix 13-10-12.01 - doma 14.10.2013   7:59.1.2 - x86
Microsoft Windows Vista Business   6.0.6002.2.1252.1.1029.18.3060.1645 [GMT 2:00]
Running from: L:\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dwhiwjf.plz
c:\windows\system32\SET677.tmp
c:\windows\system32\SET80F.tmp
c:\windows\system32\SET8AD.tmp
c:\windows\system32\SET9B8.tmp
c:\windows\system32\SET9BDC.tmp
c:\windows\system32\SETA1C9.tmp
c:\windows\system32\SETA3E1.tmp
c:\windows\system32\SETAA3F.tmp
c:\windows\system32\SETAF2.tmp
c:\windows\system32\SETBC7E.tmp
c:\windows\XSxS
D:\Autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-14 to 2013-10-14  )))))))))))))))))))))))))))))))
.
.
2013-10-14 06:07 . 2013-10-14 06:07	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-10-14 06:07 . 2013-10-14 06:07	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-10-14 06:07 . 2013-10-14 06:07	--------	d-----w-	c:\users\doma\AppData\Local\temp
2013-10-14 05:46 . 2013-10-14 05:46	--------	d-----w-	c:\windows\LastGood
2013-10-12 15:14 . 2013-10-12 15:27	--------	d-----w-	C:\zaloha
2013-10-12 08:16 . 2013-09-22 10:14	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2013-10-11 18:30 . 2013-07-12 09:04	134272	----a-w-	c:\windows\system32\drivers\usbvideo.sys
2013-10-11 18:30 . 2013-07-12 09:04	73344	----a-w-	c:\windows\system32\drivers\USBAUDIO.sys
2013-10-11 18:30 . 2013-06-26 23:01	527064	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2013-10-11 18:30 . 2013-06-04 01:49	293376	----a-w-	c:\windows\system32\atmfd.dll
2013-10-11 18:30 . 2013-06-04 04:16	34304	----a-w-	c:\windows\system32\atmlib.dll
2013-10-11 18:30 . 2013-07-04 04:21	532480	----a-w-	c:\windows\system32\comctl32.dll
2013-10-11 18:30 . 2013-07-03 02:10	25472	----a-w-	c:\windows\system32\drivers\hidparse.sys
2013-10-08 15:51 . 2013-09-05 05:02	7328304	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{653C5354-F7DB-4266-BBDA-75264E4E2D66}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 20:41 . 2012-04-03 06:49	692616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-10-09 20:41 . 2011-05-23 05:57	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-07 02:22 . 2009-10-02 19:18	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-08-02 04:09 . 2013-08-28 15:30	1548288	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-17 19:41 . 2013-08-15 19:51	2048	----a-w-	c:\windows\system32\tzres.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]
.
[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46	2642432	----a-w-	c:\program files\Family Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{D62EC836-BF1E-4CAC-81BE-FB9179835D8E}]
2009-12-06 12:59	217088	----a-w-	c:\program files\Family Toolbar\mhxpcomi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21	121528	----a-w-	c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetRefresh"="c:\program files\HP\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-06-28 44168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^doma^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06	958576	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-30 18:06	59280	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-11-17 11:53	171464	----a-w-	c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-02-26 11:57	173592	------w-	c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 17:33	421776	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2007-08-07 08:59	331288	----a-w-	c:\program files\PDF Complete\pdfsty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-02-26 11:57	150552	------w-	c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-05-28 16:29	4472832	----a-w-	c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 10:07	252296	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-06-23 05:06	273544	----a-w-	c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33	202240	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
bthsvcs	REG_MULTI_SZ   	BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 20:41]
.
2013-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-27 12:17]
.
2013-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-27 12:17]
.
2013-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4215765478-2593845076-807826192-1003Core.job
- c:\users\doma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-24 09:32]
.
2013-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4215765478-2593845076-807826192-1003UA.job
- c:\users\doma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-24 09:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://start.myplaycity.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 10.0.0.138
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - c:\program files\Family Toolbar\mhxpcomi.dll
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10v_Plugin.exe
MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-14 08:07
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4215765478-2593845076-807826192-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4215765478-2593845076-807826192-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
Completion time: 2013-10-14  08:10:37
ComboFix-quarantined-files.txt  2013-10-14 06:10
.
Pre-Run: Volnch bajtu: 45521465344
Post-Run: Volnch bajtu: 45439139840
.
- - End Of File - - B9C6D7D77FF8D3ED674702D1AC98C2AA
C073FA9D3007EA84383CB5D57503BBE1
