WiredWX Christian Hobby Weather Tools

Internet lags, is it a virus?

2 posters

Re: Internet lags, is it a virus?

Somehow I didn't save it the first time, but I did it again and saved it. Is it bad? The Internet seems OK now; can you inform me about that malware and whether it's been deleted?

Here is the log from GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-18 01:02:16
Windows 5.1.2600 Service Pack 3
Running: b9j1djej.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fgloapod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\drivers\SSHDRV79.sys section is writeable [0xB85BD000, 0x2247E, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\SSHDRV79.sys entry point in ".pklstb" section [0xB85EE000]
.relo2 C:\WINDOWS\system32\drivers\SSHDRV79.sys unknown last section [0xB8603000, 0x8A, 0x42000040]
.text C:\WINDOWS\system32\drivers\SSHDRV85.sys section is writeable [0xB8572000, 0x24A24, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\SSHDRV85.sys entry point in ".pklstb" section [0xB85A5000]
.relo2 C:\WINDOWS\system32\drivers\SSHDRV85.sys unknown last section [0xB85BB000, 0x8E, 0x42000040]

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3Γ\3Ν\3\xb3\3Η\3Α\3Ώ\3\xbd\3Ώ\3Β\3 \0ΐ\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0R\0A\0S 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3\xb1\3Ί\3\xad\3Δ\3Ώ\3 \0Η\3Α\3Ώ\3\xbd\3Ώ\3\x384\3Ή\3\xb1\3\xb3\3Α\3\xac\3Ό\3Ό\3\xb1\3Δ\3Ώ\3Β\3 \0M\0i\0n\0i\0p\0o\0r\0t 1?2?3?4?5?6?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3ΐ\3µ\3Ε\3Έ\3µ\3\x2015\3\xb1\3Β\3 \0ΐ\3\xb1\3Α\3\xac\3\xbb\3\xbb\3\xb7\3\xbb\3\xb7\3 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa3\3Ν\3\xbd\3\x384\3µ\3Γ\3\xb7\3 \0Δ\3\xb7\3\xbb\3µ\3Μ\3Α\3\xb1\3Γ\3\xb7\3Β\3/\0\xb2\3\x2015\3\xbd\3Δ\3µ\3Ώ\3 \0Δ\3\xb7\3Β\3 \0M\0i\0c\0r\0o\0s\0o\0f\0t 1?
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGXSCSI\Parameters\PnpInterface@0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA4 0xE9 0x52 0xD3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFA 0xCE 0x0B 0x75 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCB 0xA7 0xF1 0xC2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD2 0xD7 0x2F 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x25 0x41 0xC1 0x5A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA0 0x54 0x09 0x3C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x09 0xB6 0x21 0xB4 ...
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3Γ\3Ν\3\xb3\3Η\3Α\3Ώ\3\xbd\3Ώ\3Β\3 \0ΐ\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0R\0A\0S 1?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3\xb1\3Ί\3\xad\3Δ\3Ώ\3 \0Η\3Α\3Ώ\3\xbd\3Ώ\3\x384\3Ή\3\xb1\3\xb3\3Α\3\xac\3Ό\3Ό\3\xb1\3Δ\3Ώ\3Β\3 \0M\0i\0n\0i\0p\0o\0r\0t 1?2?3?4?5?6?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3ΐ\3µ\3Ε\3Έ\3µ\3\x2015\3\xb1\3Β\3 \0ΐ\3\xb1\3Α\3\xac\3\xbb\3\xbb\3\xb7\3\xbb\3\xb7\3 1?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa3\3Ν\3\xbd\3\x384\3µ\3Γ\3\xb7\3 \0Δ\3\xb7\3\xbb\3µ\3Μ\3Α\3\xb1\3Γ\3\xb7\3Β\3/\0\xb2\3\x2015\3\xbd\3Δ\3µ\3Ώ\3 \0Δ\3\xb7\3Β\3 \0M\0i\0c\0r\0o\0s\0o\0f\0t 1?
Reg HKLM\SYSTEM\ControlSet002\Services\FGXSCSI\Parameters\PnpInterface@0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA4 0xE9 0x52 0xD3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFA 0xCE 0x0B 0x75 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCB 0xA7 0xF1 0xC2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD2 0xD7 0x2F 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x25 0x41 0xC1 0x5A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA0 0x54 0x09 0x3C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x09 0xB6 0x21 0xB4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x28 0xE7 0xC2 0x70 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x25 0x41 0xC1 0x5A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDC 0x0C 0xB0 0xC5 ...

---- EOF - GMER 1.0.15 ----

............................................................................................

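What GMER is reporting in the three "Kernel code sections" lines per driver is the PE section layout of the loaded image: a code section whose characteristics include IMAGE_SCN_MEM_WRITE, an entry point that sits in a section with a non-standard name, and a final section it does not recognise. The Python script below is an added example, not part of the thread and not GMER's own code. It parses exactly those lines (the six from the log above are embedded as the sample input) and expands the hexadecimal characteristics value into its IMAGE_SCN_* flag names, so that 0xE8000020 reads as CNT_CODE | MEM_NOT_PAGED | MEM_EXECUTE | MEM_READ | MEM_WRITE and 0x42000040 as CNT_INITIALIZED_DATA | MEM_DISCARDABLE | MEM_READ. The list of "standard" section names it checks against is the example's own assumption, not a GMER rule.

```python
"""Decode GMER "Kernel code sections" lines into PE section flags.

Added example; not part of the forum thread and not GMER's own code.
The sample lines are the six from the log posted above; the flag names
are the IMAGE_SCN_* section characteristics from the PE/COFF spec, and
the list of "standard" section names is this example's own assumption.
"""
from __future__ import annotations

import re
from collections import defaultdict

# IMAGE_SCN_* section characteristic bits (PE/COFF spec), low bit first.
SECTION_FLAGS = {
    0x00000020: "CNT_CODE",
    0x00000040: "CNT_INITIALIZED_DATA",
    0x00000080: "CNT_UNINITIALIZED_DATA",
    0x02000000: "MEM_DISCARDABLE",
    0x04000000: "MEM_NOT_CACHED",
    0x08000000: "MEM_NOT_PAGED",
    0x10000000: "MEM_SHARED",
    0x20000000: "MEM_EXECUTE",
    0x40000000: "MEM_READ",
    0x80000000: "MEM_WRITE",
}

# Section names a linker normally emits for a Windows driver (assumption of this example).
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".bss", ".idata", ".edata",
                     ".pdata", ".rsrc", ".reloc", "INIT", "PAGE", "PAGELK"}

# Shape of a GMER kernel code section line: <section> <driver path> <message> [<hex>, ...]
LINE_RE = re.compile(
    r"^(?P<section>\S+)\s+(?P<path>[A-Za-z]:\\.*?\.sys)\s+(?P<msg>.*?)\s*"
    r"\[(?P<fields>[^\]]+)\]\s*$",
    re.IGNORECASE,
)


def decode_flags(characteristics: int) -> list[str]:
    """Expand a section Characteristics DWORD into its IMAGE_SCN_* names."""
    return [name for bit, name in sorted(SECTION_FLAGS.items()) if characteristics & bit]


def parse_line(line: str) -> dict | None:
    """Parse one GMER line; returns None for headers, blanks and anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = [int(f.strip(), 16) for f in m.group("fields").split(",")]
    entry = {"section": m.group("section"), "path": m.group("path"),
             "msg": m.group("msg"), "fields": fields, "flags": []}
    if len(fields) == 3:  # [base, size, characteristics]
        entry["base"], entry["size"], entry["characteristics"] = fields
        entry["flags"] = decode_flags(fields[2])
    return entry


def assess(entry: dict) -> list[str]:
    """Reasons a parsed line deserves a closer look (empty list means nothing notable)."""
    reasons = []
    flags = set(entry["flags"])
    if "MEM_WRITE" in flags and flags & {"CNT_CODE", "MEM_EXECUTE"}:
        reasons.append(f"{entry['section']} is writable and executable "
                       f"(0x{entry['characteristics']:08X} = {' | '.join(entry['flags'])})")
    quoted = re.search(r'"([^"]+)"', entry["msg"])
    if entry["msg"].startswith("entry point in") and quoted \
            and quoted.group(1) not in STANDARD_SECTIONS:
        reasons.append(f"entry point in non-standard section {quoted.group(1)}")
    if entry["msg"].startswith("unknown last section") and entry["section"] not in STANDARD_SECTIONS:
        reasons.append(f"non-standard last section {entry['section']} ({' | '.join(entry['flags'])})")
    return reasons


def analyze(log_text: str) -> dict[str, list[str]]:
    """Map each driver path in the log to the list of reasons it stands out."""
    findings: dict[str, list[str]] = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            findings[entry["path"]].extend(assess(entry))
    return dict(findings)


# Sample input: the six "Kernel code sections" lines from the GMER log in the thread.
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\drivers\SSHDRV79.sys section is writeable [0xB85BD000, 0x2247E, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\SSHDRV79.sys entry point in ".pklstb" section [0xB85EE000]
.relo2 C:\WINDOWS\system32\drivers\SSHDRV79.sys unknown last section [0xB8603000, 0x8A, 0x42000040]
.text C:\WINDOWS\system32\drivers\SSHDRV85.sys section is writeable [0xB8572000, 0x24A24, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\SSHDRV85.sys entry point in ".pklstb" section [0xB85A5000]
.relo2 C:\WINDOWS\system32\drivers\SSHDRV85.sys unknown last section [0xB85BB000, 0x8E, 0x42000040]
"""

if __name__ == "__main__":
    for path, reasons in analyze(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   ", r)
```

A writable, executable code section together with an entry point in a custom-named section is the layout that runtime packers and software-protection wrappers produce, so these lines on their own say "packed driver", not "malicious driver". That is why the next step in the thread is to locate every copy of the files on disk and hash them.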

Re: Internet lags, is it a virus?

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:


    :filefind
    sfsync02.sys
    atapi.sys
    SSHDRV79.sys
    SSHDRV85.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Internet lags, is it a virus?

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 20:42 on 18/04/2010 by User (Administrator - Elevation successful)

========== filefind ==========

Searching for "sfsync02.sys"
C:\Documents and Settings\User\Επιφάνεια εργασίας\Guns 'N' Roses\drivers\sfsync02.sys --a--- 20544 bytes [10:20 03/12/2004] [10:20 03/12/2004] 798D918D8F20380008277CE3CE5319D1
C:\WINDOWS\system32\drivers\sfsync02.sys --a--- 20544 bytes [13:54 28/10/2009] [10:20 03/12/2004] 798D918D8F20380008277CE3CE5319D1

Searching for "atapi.sys"
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c 95360 bytes [21:45 15/09/2008] [20:59 03/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 96512 bytes [10:09 16/04/2010] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 96512 bytes [18:40 13/04/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys --a--- 96512 bytes [05:59 04/08/2004] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys --a--- 95360 bytes [10:45 10/01/2008] [05:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys --a--- 95360 bytes [10:45 10/01/2008] [20:59 03/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51

Searching for "SSHDRV79.sys"
C:\Documents and Settings\User\Επιφάνεια εργασίας\Guns 'N' Roses\drivers\SSHDRV79.sys --a--- 75264 bytes [23:16 03/05/2008] [23:16 03/05/2008] B4710B65D78849DD7743B8998162C2FC
C:\WINDOWS\system32\drivers\SSHDRV79.sys --a--- 75264 bytes [13:54 28/10/2009] [23:16 03/05/2008] B4710B65D78849DD7743B8998162C2FC

Searching for "SSHDRV85.sys"
C:\WINDOWS\system32\drivers\SSHDRV85.sys --a--- 78848 bytes [12:30 01/12/2009] [12:30 01/12/2009] F0BE373861A3F34CFAB55C1B7CE1FEB5

-=End Of File=-

............................................................................................

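SystemLook's :filefind, requested in the instructions above and answered by the log in this post, does two things the helper needs: it lists every copy of a named file wherever it sits on disk, and it gives each copy's size, timestamps and MD5, so the live driver in system32\drivers can be compared with the copies Windows keeps in ServicePackFiles\i386 and the driver-cache folders (in the log above the three 96512-byte copies of atapi.sys share one MD5 and the three 95360-byte copies share another, which is what a clean system looks like). The Python below is an added example, not the thread's or SystemLook's code: it builds a throw-away directory tree that imitates that layout with constructed file contents, runs the same kind of search, and then checks the live copy's hash against the backup copy before and after the live file is modified in place. The directory names and the byte contents are the example's own assumptions.

```python
r"""A SystemLook-style ":filefind" plus a hash comparison across copies.

Added example; not part of the forum thread and not SystemLook's code.
The directory tree and file contents below are constructed stand-ins
for the XP layout seen in the posted log, not real drivers.
"""
from __future__ import annotations

import hashlib
import os
import tempfile
from datetime import datetime
from pathlib import Path


def md5_of(path: Path) -> str:
    """Upper-case MD5 of a file, read in chunks."""
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def filefind(root: Path, names: list[str]) -> dict[str, list[dict]]:
    """Walk root and return every copy of each requested file name (case-insensitive)."""
    wanted = {n.lower(): n for n in names}
    hits: dict[str, list[dict]] = {n: [] for n in names}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() in wanted:
                p = Path(dirpath) / fn
                st = p.stat()
                hits[wanted[fn.lower()]].append({
                    "path": str(p),
                    "size": st.st_size,
                    "modified": datetime.fromtimestamp(st.st_mtime).strftime("%H:%M %d/%m/%Y"),
                    "md5": md5_of(p),
                })
    return hits


def format_report(hits: dict[str, list[dict]]) -> str:
    """Render the hits in the same shape as a SystemLook filefind log."""
    out = []
    for name, copies in hits.items():
        out.append(f'Searching for "{name}"')
        if copies:
            out.extend(f"{c['path']} {c['size']} bytes [{c['modified']}] {c['md5']}" for c in copies)
        else:
            out.append("No files found.")
        out.append("")
    return "\n".join(out)


def _copy_in(hits: list[dict], *tail: str) -> dict | None:
    """The hit whose parent directories end with the given path components."""
    for h in hits:
        parts = [p.lower() for p in Path(h["path"]).parts]
        if parts[-len(tail) - 1:-1] == [t.lower() for t in tail]:
            return h
    return None


def live_copy_matches_backup(hits: list[dict]) -> bool | None:
    """True if the system32/drivers copy hashes like the ServicePackFiles/i386 copy; None if one is missing."""
    live = _copy_in(hits, "system32", "drivers")
    backup = _copy_in(hits, "ServicePackFiles", "i386")
    if live is None or backup is None:
        return None
    return live["md5"] == backup["md5"]


def build_sample_tree(base: Path) -> Path:
    """Constructed stand-in for the directories in the posted log; the bytes are arbitrary."""
    win = base / "WINDOWS"
    atapi = b"MZ" + b"clean atapi.sys stand-in " * 64
    files = {
        win / "system32" / "drivers" / "atapi.sys": atapi,
        win / "ServicePackFiles" / "i386" / "atapi.sys": atapi,
        win / "ERDNT" / "cache" / "atapi.sys": atapi,
        win / "system32" / "drivers" / "SSHDRV79.sys": b"MZ" + b"SSHDRV79 stand-in " * 64,
        win / "system32" / "drivers" / "sfsync02.sys": b"MZ" + b"sfsync02 stand-in " * 64,
    }
    for p, data in files.items():
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    return base


def run_demo() -> dict:
    """Search the sample tree, then modify the live atapi.sys in place and search again."""
    names = ["sfsync02.sys", "atapi.sys", "SSHDRV79.sys", "SSHDRV85.sys"]
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(Path(tmp))
        before = filefind(root, names)
        live = root / "WINDOWS" / "system32" / "drivers" / "atapi.sys"
        live.write_bytes(live.read_bytes()[:-8] + b"PATCHED!")  # same size, different bytes
        after = filefind(root, names)
        return {
            "report": format_report(before),
            "copies_of_atapi": len(before["atapi.sys"]),
            "missing": [n for n in names if not before[n]],
            "match_before": live_copy_matches_backup(before["atapi.sys"]),
            "match_after": live_copy_matches_backup(after["atapi.sys"]),
        }


if __name__ == "__main__":
    result = run_demo()
    print(result["report"])
    print("live atapi.sys matches backup:", result["match_before"], "->", result["match_after"])
```

The size of the modified file does not change in the demo, which is the point of hashing rather than comparing sizes: a patched driver that keeps its original length still produces a different MD5, and the ServicePackFiles copy is the reference that Windows Setup left behind, so a mismatch there is worth following up even when no scanner has complained.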

Re: Internet lags, is it a virus?

Hello.
I am consulting with an expert; stay with me here, there is something confusing that I wasn't expecting to see.

............................................................................................

Site Admin / Security Administrator

Re: Internet lags, is it a virus?

Hello, please re-run GMER. This time, tick all the boxes on the right except for "Show all"; I need to see as much as I can.

............................................................................................

Site Admin / Security Administrator

Re: Internet lags, is it a virus?

Alright, GMER takes 2 hours though...

............................................................................................


Re: Internet lags, is it a virus?

Because it has a lot to scan? I need as much detail as possible; even if it shows no difference, I'm not leaving it to chance.

............................................................................................

Site Admin / Security Administrator

Re: Internet lags, is it a virus?

By the way, the previous time everything was checked, so shall I do the same?

............................................................................................


Re: Internet lags, is it a virus?

Yes please. While you do that I am talking to another expert about this; something weird is going on.

............................................................................................

Site Admin / Security Administrator

Re: Internet lags, is it a virus?

Alright, I'll be off for a while to run GMER in Safe Mode. I will be back as soon as possible.

............................................................................................


Re: Internet lags, is it a virus?

Hello.
Do you have the XP disc? We need a copy of some infected files.

............................................................................................

Site Admin / Security Administrator

Re: Internet lags, is it a virus?

The XP disc from which I installed my Windows? I think not, but I shall search. By the way, I shall post the results of GMER as soon as possible.

............................................................................................


Re: Internet lags, is it a virus?

I don't think that it has to do with my XP, because I would have had this problem from the start. Check this out, as someone has given it to me. This might be the problem.
-
Note: It contains viruses and other things which we found with the Malwarebytes scan (keyloggers, viruses, etc.)

............................................................................................


Re: Internet lags, is it a virus?

I removed the link; please don't post links to anything that contains malware, whether sites or archived files.

I will be back later when I am at home and have access to my toolkit.

............................................................................................

Site Admin / Security Administrator

Re: Internet lags, is it a virus?

Did you save the link, or will I have to PM you?

Inform me when you can.

............................................................................................


Re: Internet lags, is it a virus?

I don't need the link if the file contains malware; what MBAM found is nothing compared to this infection.

............................................................................................

Site Admin / Security Administrator

Re: Internet lags, is it a virus?

So what can I do now? I will run GMER again in 10 minutes, because yesterday I left and didn't save it.

............................................................................................


Re: Internet lags, is it a virus?

Hello.
I want to test something.


  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or hold down your Windows key and press R), copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

............................................................................................

Site Admin / Security Administrator

Re: Internet lags, is it a virus?

When I do it, it says that it couldn't find the file, even though TDSSKiller is on the desktop. I tried to rename it to tdss.exe and still nothing. But I looked on C: and here is the file:

21:18:26:671 5368 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
21:18:26:671 5368 ================================================================================
21:18:26:671 5368 SystemInfo:

21:18:26:671 5368 OS Version: 5.1.2600 ServicePack: 3.0
21:18:26:671 5368 Product type: Workstation
21:18:26:671 5368 ComputerName: HP11546321382
21:18:26:671 5368 UserName: User
21:18:26:671 5368 Windows directory: C:\WINDOWS
21:18:26:671 5368 Processor architecture: Intel x86
21:18:26:671 5368 Number of processors: 1
21:18:26:671 5368 Page size: 0x1000
21:18:26:671 5368 Boot type: Normal boot
21:18:26:671 5368 ================================================================================
21:18:26:671 5368 UnloadDriverW: NtUnloadDriver error 2
21:18:26:671 5368 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
21:18:26:781 5368 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
21:18:26:781 5368 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:18:26:781 5368 wfopen_ex: Trying to KLMD file open
21:18:26:781 5368 wfopen_ex: File opened ok (Flags 2)
21:18:26:781 5368 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
21:18:26:781 5368 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:18:26:781 5368 wfopen_ex: Trying to KLMD file open
21:18:26:781 5368 wfopen_ex: File opened ok (Flags 2)
21:18:26:781 5368 Initialize success
21:18:26:781 5368
21:18:26:781 5368 Scanning Services ...
21:18:27:484 5368 Raw services enum returned 427 services
21:18:27:500 5368
21:18:27:500 5368 Scanning Kernel memory ...
21:18:27:500 5368 Devices to scan: 4
21:18:27:500 5368
21:18:27:500 5368 Driver Name: Disk
21:18:27:500 5368 IRP_MJ_CREATE : B80EEBB0
21:18:27:500 5368 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
21:18:27:500 5368 IRP_MJ_CLOSE : B80EEBB0
21:18:27:500 5368 IRP_MJ_READ : B80E8D1F
21:18:27:500 5368 IRP_MJ_WRITE : B80E8D1F
21:18:27:500 5368 IRP_MJ_QUERY_INFORMATION : 804F355A
21:18:27:500 5368 IRP_MJ_SET_INFORMATION : 804F355A
21:18:27:500 5368 IRP_MJ_QUERY_EA : 804F355A
21:18:27:500 5368 IRP_MJ_SET_EA : 804F355A
21:18:27:500 5368 IRP_MJ_FLUSH_BUFFERS : B80E92E2
21:18:27:500 5368 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
21:18:27:500 5368 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
21:18:27:500 5368 IRP_MJ_DIRECTORY_CONTROL : 804F355A
21:18:27:500 5368 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
21:18:27:500 5368 IRP_MJ_DEVICE_CONTROL : B80E93BB
21:18:27:500 5368 IRP_MJ_INTERNAL_DEVICE_CONTROL : B80ECF28
21:18:27:500 5368 IRP_MJ_SHUTDOWN : B80E92E2
21:18:27:500 5368 IRP_MJ_LOCK_CONTROL : 804F355A
21:18:27:500 5368 IRP_MJ_CLEANUP : 804F355A
21:18:27:500 5368 IRP_MJ_CREATE_MAILSLOT : 804F355A
21:18:27:500 5368 IRP_MJ_QUERY_SECURITY : 804F355A
21:18:27:500 5368 IRP_MJ_SET_SECURITY : 804F355A
21:18:27:500 5368 IRP_MJ_POWER : B80EAC82
21:18:27:500 5368 IRP_MJ_SYSTEM_CONTROL : B80EF99E
21:18:27:500 5368 IRP_MJ_DEVICE_CHANGE : 804F355A
21:18:27:500 5368 IRP_MJ_QUERY_QUOTA : 804F355A
21:18:27:500 5368 IRP_MJ_SET_QUOTA : 804F355A
21:18:27:593 5368 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:18:27:593 5368
21:18:27:593 5368 Driver Name: Disk
21:18:27:593 5368 IRP_MJ_CREATE : B80EEBB0
21:18:27:593 5368 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
21:18:27:593 5368 IRP_MJ_CLOSE : B80EEBB0
21:18:27:593 5368 IRP_MJ_READ : B80E8D1F
21:18:27:593 5368 IRP_MJ_WRITE : B80E8D1F
21:18:27:593 5368 IRP_MJ_QUERY_INFORMATION : 804F355A
21:18:27:593 5368 IRP_MJ_SET_INFORMATION : 804F355A
21:18:27:593 5368 IRP_MJ_QUERY_EA : 804F355A
21:18:27:593 5368 IRP_MJ_SET_EA : 804F355A
21:18:27:593 5368 IRP_MJ_FLUSH_BUFFERS : B80E92E2
21:18:27:593 5368 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
21:18:27:593 5368 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
21:18:27:593 5368 IRP_MJ_DIRECTORY_CONTROL : 804F355A
21:18:27:593 5368 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
21:18:27:593 5368 IRP_MJ_DEVICE_CONTROL : B80E93BB
21:18:27:593 5368 IRP_MJ_INTERNAL_DEVICE_CONTROL : B80ECF28
21:18:27:593 5368 IRP_MJ_SHUTDOWN : B80E92E2
21:18:27:593 5368 IRP_MJ_LOCK_CONTROL : 804F355A
21:18:27:593 5368 IRP_MJ_CLEANUP : 804F355A
21:18:27:593 5368 IRP_MJ_CREATE_MAILSLOT : 804F355A
21:18:27:593 5368 IRP_MJ_QUERY_SECURITY : 804F355A
21:18:27:593 5368 IRP_MJ_SET_SECURITY : 804F355A
21:18:27:593 5368 IRP_MJ_POWER : B80EAC82
21:18:27:593 5368 IRP_MJ_SYSTEM_CONTROL : B80EF99E
21:18:27:593 5368 IRP_MJ_DEVICE_CHANGE : 804F355A
21:18:27:593 5368 IRP_MJ_QUERY_QUOTA : 804F355A
21:18:27:593 5368 IRP_MJ_SET_QUOTA : 804F355A
21:18:27:593 5368 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:18:27:593 5368
21:18:27:593 5368 Driver Name: atapi
21:18:27:593 5368 IRP_MJ_CREATE : B7E08B40
21:18:27:593 5368 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
21:18:27:593 5368 IRP_MJ_CLOSE : B7E08B40
21:18:27:593 5368 IRP_MJ_READ : 804F355A
21:18:27:593 5368 IRP_MJ_WRITE : 804F355A
21:18:27:593 5368 IRP_MJ_QUERY_INFORMATION : 804F355A
21:18:27:593 5368 IRP_MJ_SET_INFORMATION : 804F355A
21:18:27:593 5368 IRP_MJ_QUERY_EA : 804F355A
21:18:27:593 5368 IRP_MJ_SET_EA : 804F355A
21:18:27:593 5368 IRP_MJ_FLUSH_BUFFERS : 804F355A
21:18:27:593 5368 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
21:18:27:593 5368 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
21:18:27:593 5368 IRP_MJ_DIRECTORY_CONTROL : 804F355A
21:18:27:593 5368 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
21:18:27:593 5368 IRP_MJ_DEVICE_CONTROL : B7E08B40
21:18:27:593 5368 IRP_MJ_INTERNAL_DEVICE_CONTROL : B8340D60
21:18:27:593 5368 IRP_MJ_SHUTDOWN : 804F355A
21:18:27:593 5368 IRP_MJ_LOCK_CONTROL : 804F355A
21:18:27:593 5368 IRP_MJ_CLEANUP : 804F355A
21:18:27:593 5368 IRP_MJ_CREATE_MAILSLOT : 804F355A
21:18:27:593 5368 IRP_MJ_QUERY_SECURITY : 804F355A
21:18:27:593 5368 IRP_MJ_SET_SECURITY : 804F355A
21:18:27:593 5368 IRP_MJ_POWER : B7E08B40
21:18:27:593 5368 IRP_MJ_SYSTEM_CONTROL : B7E08B40
21:18:27:593 5368 IRP_MJ_DEVICE_CHANGE : 804F355A
21:18:27:593 5368 IRP_MJ_QUERY_QUOTA : 804F355A
21:18:27:593 5368 IRP_MJ_SET_QUOTA : 804F355A
21:18:27:593 5368 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
21:18:27:593 5368
21:18:27:593 5368 Driver Name: atapi
21:18:27:593 5368 IRP_MJ_CREATE : B7E08B40
21:18:27:593 5368 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
21:18:27:593 5368 IRP_MJ_CLOSE : B7E08B40
21:18:27:593 5368 IRP_MJ_READ : 804F355A
21:18:27:593 5368 IRP_MJ_WRITE : 804F355A
21:18:27:593 5368 IRP_MJ_QUERY_INFORMATION : 804F355A
21:18:27:593 5368 IRP_MJ_SET_INFORMATION : 804F355A
21:18:27:593 5368 IRP_MJ_QUERY_EA : 804F355A
21:18:27:593 5368 IRP_MJ_SET_EA : 804F355A
21:18:27:593 5368 IRP_MJ_FLUSH_BUFFERS : 804F355A
21:18:27:593 5368 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
21:18:27:593 5368 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
21:18:27:593 5368 IRP_MJ_DIRECTORY_CONTROL : 804F355A
21:18:27:593 5368 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
21:18:27:593 5368 IRP_MJ_DEVICE_CONTROL : B7E08B40
21:18:27:593 5368 IRP_MJ_INTERNAL_DEVICE_CONTROL : B8340D60
21:18:27:593 5368 IRP_MJ_SHUTDOWN : 804F355A
21:18:27:593 5368 IRP_MJ_LOCK_CONTROL : 804F355A
21:18:27:593 5368 IRP_MJ_CLEANUP : 804F355A
21:18:27:593 5368 IRP_MJ_CREATE_MAILSLOT : 804F355A
21:18:27:593 5368 IRP_MJ_QUERY_SECURITY : 804F355A
21:18:27:593 5368 IRP_MJ_SET_SECURITY : 804F355A
21:18:27:593 5368 IRP_MJ_POWER : B7E08B40
21:18:27:593 5368 IRP_MJ_SYSTEM_CONTROL : B7E08B40
21:18:27:593 5368 IRP_MJ_DEVICE_CHANGE : 804F355A
21:18:27:593 5368 IRP_MJ_QUERY_QUOTA : 804F355A
21:18:27:593 5368 IRP_MJ_SET_QUOTA : 804F355A
21:18:27:593 5368 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
21:18:27:593 5368
21:18:27:593 5368 Completed
21:18:27:593 5368
21:18:27:593 5368 Results:
21:18:27:609 5368 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
21:18:27:609 5368 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
21:18:27:609 5368 File objects infected / cured / cured on reboot: 0 / 0 / 0
21:18:27:609 5368
21:18:27:609 5368 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
21:18:27:609 5368 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
21:18:27:609 5368 KLMD(ARK) unloaded successfully


And here are the results of GMER that you asked me for (only this time I ticked D: too, because it lets me store files there as if it were C:, and you told me to tick all the fields available on the right):

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-19 21:12:19
Windows 5.1.2600 Service Pack 3
Running: b9j1djej.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fgloapod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\drivers\SSHDRV79.sys section is writeable [0xB85BD000, 0x2247E, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\SSHDRV79.sys entry point in ".pklstb" section [0xB85EE000]
.relo2 C:\WINDOWS\system32\drivers\SSHDRV79.sys unknown last section [0xB8603000, 0x8A, 0x42000040]
.text C:\WINDOWS\system32\drivers\SSHDRV85.sys section is writeable [0xB8572000, 0x24A24, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\SSHDRV85.sys entry point in ".pklstb" section [0xB85A5000]
.relo2 C:\WINDOWS\system32\drivers\SSHDRV85.sys unknown last section [0xB85BB000, 0x8E, 0x42000040]

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3Γ\3Ν\3\xb3\3Η\3Α\3Ώ\3\xbd\3Ώ\3Β\3 \0ΐ\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0R\0A\0S 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3\xb1\3Ί\3\xad\3Δ\3Ώ\3 \0Η\3Α\3Ώ\3\xbd\3Ώ\3\x384\3Ή\3\xb1\3\xb3\3Α\3\xac\3Ό\3Ό\3\xb1\3Δ\3Ώ\3Β\3 \0M\0i\0n\0i\0p\0o\0r\0t 1?2?3?4?5?6?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3ΐ\3µ\3Ε\3Έ\3µ\3\x2015\3\xb1\3Β\3 \0ΐ\3\xb1\3Α\3\xac\3\xbb\3\xbb\3\xb7\3\xbb\3\xb7\3 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa3\3Ν\3\xbd\3\x384\3µ\3Γ\3\xb7\3 \0Δ\3\xb7\3\xbb\3µ\3Μ\3Α\3\xb1\3Γ\3\xb7\3Β\3/\0\xb2\3\x2015\3\xbd\3Δ\3µ\3Ώ\3 \0Δ\3\xb7\3Β\3 \0M\0i\0c\0r\0o\0s\0o\0f\0t 1?
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGXSCSI\Parameters\PnpInterface@0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x47 0x95 0xFC 0x5F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFA 0xCE 0x0B 0x75 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCB 0xA7 0xF1 0xC2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD2 0xD7 0x2F 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x25 0x41 0xC1 0x5A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA0 0x54 0x09 0x3C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x09 0xB6 0x21 0xB4 ...
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3Γ\3Ν\3\xb3\3Η\3Α\3Ώ\3\xbd\3Ώ\3Β\3 \0ΐ\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0R\0A\0S 1?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3\xb1\3Ί\3\xad\3Δ\3Ώ\3 \0Η\3Α\3Ώ\3\xbd\3Ώ\3\x384\3Ή\3\xb1\3\xb3\3Α\3\xac\3Ό\3Ό\3\xb1\3Δ\3Ώ\3Β\3 \0M\0i\0n\0i\0p\0o\0r\0t 1?2?3?4?5?6?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3ΐ\3µ\3Ε\3Έ\3µ\3\x2015\3\xb1\3Β\3 \0ΐ\3\xb1\3Α\3\xac\3\xbb\3\xbb\3\xb7\3\xbb\3\xb7\3 1?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa3\3Ν\3\xbd\3\x384\3µ\3Γ\3\xb7\3 \0Δ\3\xb7\3\xbb\3µ\3Μ\3Α\3\xb1\3Γ\3\xb7\3Β\3/\0\xb2\3\x2015\3\xbd\3Δ\3µ\3Ώ\3 \0Δ\3\xb7\3Β\3 \0M\0i\0c\0r\0o\0s\0o\0f\0t 1?
Reg HKLM\SYSTEM\ControlSet002\Services\FGXSCSI\Parameters\PnpInterface@0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x47 0x95 0xFC 0x5F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFA 0xCE 0x0B 0x75 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCB 0xA7 0xF1 0xC2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD2 0xD7 0x2F 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x25 0x41 0xC1 0x5A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA0 0x54 0x09 0x3C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x09 0xB6 0x21 0xB4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x28 0xE7 0xC2 0x70 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x25 0x41 0xC1 0x5A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDC 0x0C 0xB0 0xC5 ...

---- EOF - GMER 1.0.15 ----

Last edited by Vladimir on 19th April 2010, 6:26 pm; edited 1 time in total

............................................................................................

Re: Internet lags, is it a virus?

Hello.
Sorry, I should have realized before. Your OS is in a different language, so "Desktop" isn't "Desktop".

Is it "Επιφάνεια εργασίας" in your language? If so, replace "Desktop" with "Επιφάνεια εργασίας", and make sure TDSSKiller ISN'T renamed, otherwise this won't work.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Internet lags, is it a virus?

Yes, that did it.

21:28:19:015 5864 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
21:28:19:015 5864 ================================================================================
21:28:19:015 5864 SystemInfo:

21:28:19:015 5864 OS Version: 5.1.2600 ServicePack: 3.0
21:28:19:015 5864 Product type: Workstation
21:28:19:015 5864 ComputerName: HP11546321382
21:28:19:015 5864 UserName: User
21:28:19:015 5864 Windows directory: C:\WINDOWS
21:28:19:015 5864 Processor architecture: Intel x86
21:28:19:015 5864 Number of processors: 1
21:28:19:015 5864 Page size: 0x1000
21:28:19:015 5864 Boot type: Normal boot
21:28:19:015 5864 ================================================================================
21:28:19:015 5864 UnloadDriverW: NtUnloadDriver error 2
21:28:19:015 5864 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
21:28:19:031 5864 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
21:28:19:031 5864 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:28:19:031 5864 wfopen_ex: Trying to KLMD file open
21:28:19:031 5864 wfopen_ex: File opened ok (Flags 2)
21:28:19:031 5864 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
21:28:19:031 5864 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:28:19:031 5864 wfopen_ex: Trying to KLMD file open
21:28:19:031 5864 wfopen_ex: File opened ok (Flags 2)
21:28:19:031 5864 Initialize success
21:28:19:031 5864
21:28:19:031 5864 Scanning Services ...
21:28:19:328 5864 Raw services enum returned 427 services
21:28:19:343 5864
21:28:19:343 5864 Scanning Kernel memory ...
21:28:19:343 5864 Devices to scan: 4
21:28:19:343 5864
21:28:19:343 5864 Driver Name: Disk
21:28:19:343 5864 IRP_MJ_CREATE : B80EEBB0
21:28:19:343 5864 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
21:28:19:343 5864 IRP_MJ_CLOSE : B80EEBB0
21:28:19:343 5864 IRP_MJ_READ : B80E8D1F
21:28:19:343 5864 IRP_MJ_WRITE : B80E8D1F
21:28:19:343 5864 IRP_MJ_QUERY_INFORMATION : 804F355A
21:28:19:343 5864 IRP_MJ_SET_INFORMATION : 804F355A
21:28:19:343 5864 IRP_MJ_QUERY_EA : 804F355A
21:28:19:343 5864 IRP_MJ_SET_EA : 804F355A
21:28:19:343 5864 IRP_MJ_FLUSH_BUFFERS : B80E92E2
21:28:19:343 5864 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
21:28:19:343 5864 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
21:28:19:343 5864 IRP_MJ_DIRECTORY_CONTROL : 804F355A
21:28:19:343 5864 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
21:28:19:343 5864 IRP_MJ_DEVICE_CONTROL : B80E93BB
21:28:19:343 5864 IRP_MJ_INTERNAL_DEVICE_CONTROL : B80ECF28
21:28:19:343 5864 IRP_MJ_SHUTDOWN : B80E92E2
21:28:19:343 5864 IRP_MJ_LOCK_CONTROL : 804F355A
21:28:19:343 5864 IRP_MJ_CLEANUP : 804F355A
21:28:19:343 5864 IRP_MJ_CREATE_MAILSLOT : 804F355A
21:28:19:343 5864 IRP_MJ_QUERY_SECURITY : 804F355A
21:28:19:343 5864 IRP_MJ_SET_SECURITY : 804F355A
21:28:19:343 5864 IRP_MJ_POWER : B80EAC82
21:28:19:343 5864 IRP_MJ_SYSTEM_CONTROL : B80EF99E
21:28:19:343 5864 IRP_MJ_DEVICE_CHANGE : 804F355A
21:28:19:343 5864 IRP_MJ_QUERY_QUOTA : 804F355A
21:28:19:343 5864 IRP_MJ_SET_QUOTA : 804F355A
21:28:19:375 5864 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:28:19:375 5864
21:28:19:375 5864 Driver Name: Disk
21:28:19:375 5864 IRP_MJ_CREATE : B80EEBB0
21:28:19:375 5864 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
21:28:19:375 5864 IRP_MJ_CLOSE : B80EEBB0
21:28:19:375 5864 IRP_MJ_READ : B80E8D1F
21:28:19:375 5864 IRP_MJ_WRITE : B80E8D1F
21:28:19:375 5864 IRP_MJ_QUERY_INFORMATION : 804F355A
21:28:19:375 5864 IRP_MJ_SET_INFORMATION : 804F355A
21:28:19:375 5864 IRP_MJ_QUERY_EA : 804F355A
21:28:19:375 5864 IRP_MJ_SET_EA : 804F355A
21:28:19:375 5864 IRP_MJ_FLUSH_BUFFERS : B80E92E2
21:28:19:375 5864 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
21:28:19:375 5864 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
21:28:19:375 5864 IRP_MJ_DIRECTORY_CONTROL : 804F355A
21:28:19:375 5864 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
21:28:19:375 5864 IRP_MJ_DEVICE_CONTROL : B80E93BB
21:28:19:375 5864 IRP_MJ_INTERNAL_DEVICE_CONTROL : B80ECF28
21:28:19:375 5864 IRP_MJ_SHUTDOWN : B80E92E2
21:28:19:375 5864 IRP_MJ_LOCK_CONTROL : 804F355A
21:28:19:375 5864 IRP_MJ_CLEANUP : 804F355A
21:28:19:375 5864 IRP_MJ_CREATE_MAILSLOT : 804F355A
21:28:19:375 5864 IRP_MJ_QUERY_SECURITY : 804F355A
21:28:19:375 5864 IRP_MJ_SET_SECURITY : 804F355A
21:28:19:375 5864 IRP_MJ_POWER : B80EAC82
21:28:19:375 5864 IRP_MJ_SYSTEM_CONTROL : B80EF99E
21:28:19:375 5864 IRP_MJ_DEVICE_CHANGE : 804F355A
21:28:19:375 5864 IRP_MJ_QUERY_QUOTA : 804F355A
21:28:19:375 5864 IRP_MJ_SET_QUOTA : 804F355A
21:28:19:375 5864 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:28:19:375 5864
21:28:19:375 5864 Driver Name: atapi
21:28:19:375 5864 IRP_MJ_CREATE : B7E08B40
21:28:19:375 5864 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
21:28:19:375 5864 IRP_MJ_CLOSE : B7E08B40
21:28:19:375 5864 IRP_MJ_READ : 804F355A
21:28:19:375 5864 IRP_MJ_WRITE : 804F355A
21:28:19:375 5864 IRP_MJ_QUERY_INFORMATION : 804F355A
21:28:19:375 5864 IRP_MJ_SET_INFORMATION : 804F355A
21:28:19:375 5864 IRP_MJ_QUERY_EA : 804F355A
21:28:19:375 5864 IRP_MJ_SET_EA : 804F355A
21:28:19:375 5864 IRP_MJ_FLUSH_BUFFERS : 804F355A
21:28:19:375 5864 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
21:28:19:375 5864 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
21:28:19:375 5864 IRP_MJ_DIRECTORY_CONTROL : 804F355A
21:28:19:375 5864 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
21:28:19:375 5864 IRP_MJ_DEVICE_CONTROL : B7E08B40
21:28:19:375 5864 IRP_MJ_INTERNAL_DEVICE_CONTROL : B8340D60
21:28:19:375 5864 IRP_MJ_SHUTDOWN : 804F355A
21:28:19:375 5864 IRP_MJ_LOCK_CONTROL : 804F355A
21:28:19:375 5864 IRP_MJ_CLEANUP : 804F355A
21:28:19:375 5864 IRP_MJ_CREATE_MAILSLOT : 804F355A
21:28:19:375 5864 IRP_MJ_QUERY_SECURITY : 804F355A
21:28:19:375 5864 IRP_MJ_SET_SECURITY : 804F355A
21:28:19:375 5864 IRP_MJ_POWER : B7E08B40
21:28:19:375 5864 IRP_MJ_SYSTEM_CONTROL : B7E08B40
21:28:19:375 5864 IRP_MJ_DEVICE_CHANGE : 804F355A
21:28:19:375 5864 IRP_MJ_QUERY_QUOTA : 804F355A
21:28:19:375 5864 IRP_MJ_SET_QUOTA : 804F355A
21:28:19:375 5864 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
21:28:19:375 5864
21:28:19:375 5864 Driver Name: atapi
21:28:19:375 5864 IRP_MJ_CREATE : B7E08B40
21:28:19:375 5864 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
21:28:19:375 5864 IRP_MJ_CLOSE : B7E08B40
21:28:19:375 5864 IRP_MJ_READ : 804F355A
21:28:19:375 5864 IRP_MJ_WRITE : 804F355A
21:28:19:375 5864 IRP_MJ_QUERY_INFORMATION : 804F355A
21:28:19:375 5864 IRP_MJ_SET_INFORMATION : 804F355A
21:28:19:375 5864 IRP_MJ_QUERY_EA : 804F355A
21:28:19:375 5864 IRP_MJ_SET_EA : 804F355A
21:28:19:375 5864 IRP_MJ_FLUSH_BUFFERS : 804F355A
21:28:19:375 5864 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
21:28:19:375 5864 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
21:28:19:375 5864 IRP_MJ_DIRECTORY_CONTROL : 804F355A
21:28:19:375 5864 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
21:28:19:375 5864 IRP_MJ_DEVICE_CONTROL : B7E08B40
21:28:19:375 5864 IRP_MJ_INTERNAL_DEVICE_CONTROL : B8340D60
21:28:19:375 5864 IRP_MJ_SHUTDOWN : 804F355A
21:28:19:375 5864 IRP_MJ_LOCK_CONTROL : 804F355A
21:28:19:375 5864 IRP_MJ_CLEANUP : 804F355A
21:28:19:375 5864 IRP_MJ_CREATE_MAILSLOT : 804F355A
21:28:19:375 5864 IRP_MJ_QUERY_SECURITY : 804F355A
21:28:19:375 5864 IRP_MJ_SET_SECURITY : 804F355A
21:28:19:375 5864 IRP_MJ_POWER : B7E08B40
21:28:19:375 5864 IRP_MJ_SYSTEM_CONTROL : B7E08B40
21:28:19:375 5864 IRP_MJ_DEVICE_CHANGE : 804F355A
21:28:19:375 5864 IRP_MJ_QUERY_QUOTA : 804F355A
21:28:19:375 5864 IRP_MJ_SET_QUOTA : 804F355A
21:28:19:375 5864 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
21:28:19:375 5864
21:28:19:375 5864 Completed
21:28:19:375 5864
21:28:19:375 5864 Results:
21:28:19:375 5864 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
21:28:19:375 5864 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
21:28:19:375 5864 File objects infected / cured / cured on reboot: 0 / 0 / 0
21:28:19:375 5864
21:28:19:375 5864 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
21:28:19:375 5864 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
21:28:19:390 5864 KLMD(ARK) unloaded successfully

............................................................................................

Re: Internet lags, is it a virus?

Hmmm.

Please re-run Combofix.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Internet lags, is it a virus?

ComboFix 10-04-15.02 - User 19/04/2010 21:38:53.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1253.30.1032.18.3070.2551 [GMT 3:00]
Running from: c:\documents and settings\User\Επιφάνεια εργασίας\Guns 'N' Roses\Combo-Fix.exe
AV: Panda Global Protection 2010 *On-access scanning disabled* (Updated) {8BF935E7-731F-4115-B7A5-789FF5087595}
FW: Panda Personal Firewall 2010 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
.

((((((((((((((((((((((((( Files Created from 2010-03-19 to 2010-04-19 )))))))))))))))))))))))))))))))
.

2010-04-18 11:13 . 2010-04-18 11:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion
2010-04-18 08:49 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-17 12:11 . 2010-04-17 12:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-04-17 12:10 . 2010-04-19 15:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TSVNCache
2010-04-15 13:10 . 2010-03-29 21:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-15 13:10 . 2010-04-15 13:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-15 13:10 . 2010-03-29 21:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-15 12:12 . 2010-04-15 12:12 -------- d-----w- c:\program files\Advanced Attitude Software
2010-04-14 13:42 . 2010-04-14 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Deskshare
2010-04-14 13:38 . 2010-04-14 13:39 -------- d-----w- c:\windows\XSxS
2010-04-14 13:38 . 2010-04-14 13:38 -------- d-----w- c:\program files\Xenocode
2010-04-14 13:38 . 2010-04-14 13:38 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Xenocode
2010-04-14 13:31 . 2010-04-14 13:31 -------- d-----w- c:\program files\Common Files\Deskshare Shared
2010-04-14 13:31 . 2010-04-14 13:31 -------- d-----w- c:\program files\Deskshare
2010-04-14 11:43 . 2010-04-14 11:43 -------- d-----w- C:\_OTL
2010-04-12 14:43 . 2005-02-14 07:57 32768 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\Sony Ericsson PC Suite\LiveUpdate\Temp\CleanBuild.exe
2010-04-10 21:20 . 2010-04-11 13:30 -------- d-----w- c:\program files\TombRaiderAOD
2010-04-09 20:49 . 2010-04-09 20:50 503808 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-748fd146-n\msvcp71.dll
2010-04-09 20:49 . 2010-04-09 20:49 499712 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-748fd146-n\jmc.dll
2010-04-09 20:49 . 2010-04-09 20:49 348160 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-748fd146-n\msvcr71.dll
2010-04-09 20:49 . 2010-04-09 20:49 61440 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-28638271-n\decora-sse.dll
2010-04-09 20:49 . 2010-04-09 20:49 12800 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-28638271-n\decora-d3d.dll
2010-04-09 20:48 . 2010-04-09 20:48 -------- d-----w- c:\program files\Common Files\Java
2010-04-07 11:14 . 2010-01-30 07:48 266552 ----a-w- c:\windows\system32\HMIPCore.dll
2010-04-07 11:10 . 2010-04-07 11:13 -------- d-----w- c:\documents and settings\User\Application Data\Hide IP NG
2010-03-30 15:01 . 2010-03-30 15:01 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-03-29 15:44 . 2010-02-03 12:56 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-03-25 14:30 . 2010-03-25 14:30 -------- d-----w- c:\program files\Rockstar Games
2010-03-25 13:18 . 2010-03-25 13:18 -------- d-----w- c:\documents and settings\User\Application Data\SmartFTP
2010-03-25 13:18 . 2010-03-25 13:18 -------- d-----w- c:\program files\SmartFTP Client
2010-03-25 13:18 . 2010-03-25 13:18 -------- d-----w- c:\program files\SmartFTP Client 4.0 Setup Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-19 18:40 . 2009-10-28 13:54 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2010-04-19 18:40 . 2009-10-28 13:54 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2010-04-19 18:40 . 2009-10-15 20:19 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2010-04-19 18:38 . 2009-10-28 13:54 348056 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2010-04-19 18:38 . 2009-10-28 13:54 348056 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-04-13 13:55 . 2008-01-14 15:58 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2010-04-11 19:37 . 2008-01-10 21:17 -------- d-----w- c:\program files\LimeWire
2010-04-09 20:47 . 2008-01-10 10:51 -------- d-----w- c:\program files\Java
2010-04-06 11:11 . 2006-05-15 16:27 96688 ----a-w- c:\windows\system32\perfc008.dat
2010-04-06 11:11 . 2006-05-15 16:27 554772 ----a-w- c:\windows\system32\perfh008.dat
2010-03-12 14:08 . 2009-02-06 13:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-11 16:50 . 2009-02-09 12:01 -------- d-----w- c:\documents and settings\User\Application Data\Recruitment Viewer
2010-03-11 12:33 . 2004-09-04 13:45 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:33 . 2004-09-04 13:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:33 . 2004-09-04 13:45 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:10 . 2004-09-04 13:45 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 01:28 . 2009-02-09 18:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-02 12:17 . 2008-01-10 10:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-01 11:47 . 2010-02-27 10:42 -------- d-----w- c:\program files\Capcom
2010-02-27 10:39 . 2010-02-27 10:38 -------- d-----w- c:\program files\MagicDisc
2010-02-24 13:11 . 2004-08-04 06:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 15:03 . 2008-01-14 20:26 66512 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-18 15:15 . 2010-02-18 15:15 65536 ----a-w- c:\windows\system32\GDPersns.dat
2010-02-18 15:14 . 2010-02-18 15:14 90112 ----a-w- c:\windows\system32\Dversion.dll
2010-02-18 15:14 . 2010-02-18 15:14 126976 ----a-w- c:\windows\system32\DVC.dll
2010-02-18 14:07 . 2010-02-18 14:07 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-18 14:07 . 2009-11-08 20:35 79488 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-17 11:06 . 2004-09-04 13:41 2196992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:06 . 2006-03-02 09:00 2073856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 12:53 . 2010-02-12 12:51 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-02-12 04:34 . 2004-09-04 13:44 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 06:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-27 14:10 . 2009-09-25 16:12 611640 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-03-20 10:24 . 2008-03-20 10:22 24 --sha-w- c:\windows\S3201ED5C.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 397312]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-08-07 331288]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-10 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-04 267048]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-27 593920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2010\APVXDWIN.EXE" [2009-06-05 574720]
"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2010\Inicio.exe" [2009-04-21 56064]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"GameDrive"="c:\program files\FarStone\GameDrive\GDP\GDTask.exe" [2006-07-21 167936]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\User\Start Menu\¨¦š¨α££˜«˜\„΅΅ε¤ž©️ž\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-2-27 576000]

c:\documents and settings\All Users\Start Menu\¨¦š¨α££˜«˜\„΅΅ε¤ž©️ž\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-3-7 131072]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-5-23 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 13:58 58672 ----a-w- c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Documents and Settings\\User\\Επιφάνεια εργασίας\\Guns 'N' Roses\\uTorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 FGXSCSI;FGXSCSI;c:\windows\system32\drivers\fgxscsi.sys [18/2/2010 6:15 μμ 71680]
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [5/4/2009 4:23 μμ 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [15/10/2009 11:13 μμ 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [15/10/2009 11:14 μμ 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [15/10/2009 11:13 μμ 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [15/10/2009 11:14 μμ 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [15/10/2009 11:13 μμ 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [15/10/2009 11:02 μμ 41144]
R1 SSHDRV79;SSHDRV79;c:\windows\system32\drivers\SSHDRV79.sys [28/10/2009 4:54 μμ 75264]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [1/12/2009 3:30 μμ 78848]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [15/10/2009 11:14 μμ 46720]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30/3/2010 11:16 πμ 1107336]
R2 INFOlearn_admin_srv;INFOlearn Admin Service;c:\windows\system32\infolearnasrv.exe [6/10/2006 8:35 μμ 49152]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [15/10/2009 11:02 μμ 177416]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [10/1/2008 1:54 μμ 540184]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Global Protection 2010\psksvc.exe [15/10/2009 11:13 μμ 28928]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [15/10/2009 11:19 μμ 13880]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [15/10/2009 11:13 μμ 197888]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21/5/2008 5:03 μμ 691696]
S1 SSHDRV65;SSHDRV65;\??\c:\windows\system32\drivers\SSHDRV65.sys --> c:\windows\system32\drivers\SSHDRV65.sys [?]
S3 P1130VID;Creative WebCam NX Pro;c:\windows\system32\drivers\P1130Vid.sys [4/2/2008 5:25 μμ 90357]
S3 PCD65X2;PCD65X2;\??\c:\docume~1\User\LOCALS~1\Temp\PCD65X2.sys --> c:\docume~1\User\LOCALS~1\Temp\PCD65X2.sys [?]
S3 PCD65X3;PCD65X3;\??\c:\docume~1\User\LOCALS~1\Temp\PCD65X3.sys --> c:\docume~1\User\LOCALS~1\Temp\PCD65X3.sys [?]
S3 PCD65X4;PCD65X4;\??\c:\docume~1\User\LOCALS~1\Temp\PCD65X4.sys --> c:\docume~1\User\LOCALS~1\Temp\PCD65X4.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [30/6/2009 9:32 μμ 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [30/6/2009 9:32 μμ 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [30/6/2009 9:32 μμ 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [30/6/2009 9:32 μμ 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [30/6/2009 9:32 μμ 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [30/6/2009 9:32 μμ 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [30/6/2009 9:32 μμ 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [30/6/2009 9:32 μμ 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [30/6/2009 9:32 μμ 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [30/6/2009 9:32 μμ 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [30/6/2009 9:32 μμ 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [30/6/2009 9:32 μμ 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [30/6/2009 9:32 μμ 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [30/6/2009 9:32 μμ 117672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv
.
Contents of the 'Scheduled Tasks' folder

2010-04-19 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 12:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toggle.com/en/index.php?rvs=hompag&d=79919281
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
IE: Download the &current page with Offline Explorer - file://c:\program files\Offline Explorer\Add_AllO.htm
IE: Download using Offline &Explorer - file://c:\program files\Offline Explorer\Add_UrlO.htm
IE: Ε&ξαγωγή στο Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\cu6zhwsp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1434207&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - isoHunt Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.gr
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
.
------- File Associations -------
.
JSEFile=c:\progra~1\PANDAS~1\PANDAG~1\PAVSCRIP.EXE "%1" %*
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-19 21:45
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4160596134-3961019470-752118726-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4160596134-3961019470-752118726-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:16,10,41,ed,64,3d,77,f2,44,9e,32,86,e1,f1,8f,c6,19,aa,b3,67,76,a2,d2,
73,61,f4,91,60,e8,8e,09,5d,f5,db,35,bd,f1,b2,26,dc,8a,86,20,0e,c9,1e,4f,98,\
"??"=hex:c2,59,d1,1c,d4,d2,90,9f,4a,b4,64,fe,e2,10,24,81

[HKEY_USERS\S-1-5-21-4160596134-3961019470-752118726-1005\Software\SecuROM\License information*]
"datasecu"=hex:4e,10,57,e3,ee,b9,10,cd,ed,b0,f4,0a,39,5b,5d,c4,f4,5c,f9,8d,eb,
25,1d,10,c6,8f,ff,9b,72,ca,0a,32,3c,29,20,a5,3a,7e,00,95,4e,90,cb,5d,c2,27,\
"rkeysecu"=hex:8b,a4,d9,a9,1b,8f,88,92,bf,ca,aa,f3,89,e8,18,92
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1320)
c:\windows\system32\avldr.dll
.
Completion time: 2010-04-19 21:47:58
ComboFix-quarantined-files.txt 2010-04-19 18:47
ComboFix2.txt 2010-04-16 10:10

Pre-Run: 27 Dir(s) 59,889,401,856 bytes free
Post-Run: 28 Dir(s) 59,861,573,632 bytes free

- - End Of File - - 1DA6D771BC885ABAC3BC4767DD5035A8

............................................................................................

Re: Internet lags, is it a virus?
Weird, the rootkit is gone. Oh well, let's tidy this up now.

I see that you are running BitTorrent.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    µTorrent
    Adobe Reader 9.1.3
    BitTorrent
    Java(TM) 6 Update 19

Next,

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:

    KILLALL::

    Driver::
    PCD65X2
    PCD65X3
    PCD65X4
    PavSRK.sys
    PavTPK.sys

    Firefox::
    FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\cu6zhwsp.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1434207&SearchSource=3&q=
    FF - prefs.js: browser.search.selectedEngine - isoHunt Customized Web Search

  4. Save this as CFScript.txt in the same location as ComboFix.exe.

    [screenshot: dragging CFScript.txt onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript.txt onto ComboFix.exe.
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

descriptionInternet lags, is it a virus? - Page 1 EmptyRe: Internet lags, is it a virus?

more_horiz
I cannot keep μTorrent?

............................................................................................

Re: Internet lags, is it a virus?
ComboFix 10-04-15.02 - User 19/04/2010 22:01:41.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1253.30.1032.18.3070.2473 [GMT 3:00]
Running from: c:\documents and settings\User\Επιφάνεια εργασίας\Combo-Fix.exe
Command switches used :: c:\documents and settings\User\Επιφάνεια εργασίας\CFscript.txt.txt
AV: Panda Global Protection 2010 *On-access scanning disabled* (Updated) {8BF935E7-731F-4115-B7A5-789FF5087595}
FW: Panda Personal Firewall 2010 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PAVSRK.SYS
-------\Legacy_PAVTPK.SYS
-------\Legacy_PCD65X2
-------\Legacy_PCD65X3
-------\Legacy_PCD65X4
-------\Service_PavSRK.sys
-------\Service_PavTPK.sys
-------\Service_PCD65X2
-------\Service_PCD65X3
-------\Service_PCD65X4


((((((((((((((((((((((((( Files Created from 2010-03-19 to 2010-04-19 )))))))))))))))))))))))))))))))
.

2010-04-19 18:35 . 2010-04-19 18:48 -------- d-----w- C:\Combo-Fix17504C
2010-04-18 11:13 . 2010-04-18 11:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion
2010-04-18 08:49 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-17 12:11 . 2010-04-17 12:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-04-17 12:10 . 2010-04-19 15:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TSVNCache
2010-04-15 13:10 . 2010-03-29 21:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-15 13:10 . 2010-04-15 13:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-15 13:10 . 2010-03-29 21:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-15 12:12 . 2010-04-15 12:12 -------- d-----w- c:\program files\Advanced Attitude Software
2010-04-14 13:42 . 2010-04-14 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Deskshare
2010-04-14 13:38 . 2010-04-14 13:39 -------- d-----w- c:\windows\XSxS
2010-04-14 13:38 . 2010-04-14 13:38 -------- d-----w- c:\program files\Xenocode
2010-04-14 13:38 . 2010-04-14 13:38 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Xenocode
2010-04-14 13:31 . 2010-04-14 13:31 -------- d-----w- c:\program files\Common Files\Deskshare Shared
2010-04-14 13:31 . 2010-04-14 13:31 -------- d-----w- c:\program files\Deskshare
2010-04-14 11:43 . 2010-04-14 11:43 -------- d-----w- C:\_OTL
2010-04-10 21:20 . 2010-04-11 13:30 -------- d-----w- c:\program files\TombRaiderAOD
2010-04-09 20:48 . 2010-04-09 20:48 -------- d-----w- c:\program files\Common Files\Java
2010-04-07 11:14 . 2010-01-30 07:48 266552 ----a-w- c:\windows\system32\HMIPCore.dll
2010-04-07 11:10 . 2010-04-07 11:13 -------- d-----w- c:\documents and settings\User\Application Data\Hide IP NG
2010-03-30 15:01 . 2010-03-30 15:01 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-03-29 15:44 . 2010-02-03 12:56 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-03-25 14:30 . 2010-03-25 14:30 -------- d-----w- c:\program files\Rockstar Games
2010-03-25 13:18 . 2010-03-25 13:18 -------- d-----w- c:\documents and settings\User\Application Data\SmartFTP
2010-03-25 13:18 . 2010-03-25 13:18 -------- d-----w- c:\program files\SmartFTP Client
2010-03-25 13:18 . 2010-03-25 13:18 -------- d-----w- c:\program files\SmartFTP Client 4.0 Setup Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-19 19:10 . 2009-10-28 13:54 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2010-04-19 19:10 . 2009-10-28 13:54 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2010-04-19 19:08 . 2009-10-15 20:19 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2010-04-19 19:07 . 2009-10-28 13:54 334432 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2010-04-19 19:07 . 2009-10-28 13:54 334432 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-04-19 18:59 . 2008-01-10 13:44 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-13 13:55 . 2008-01-14 15:58 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2010-04-11 19:37 . 2008-01-10 21:17 -------- d-----w- c:\program files\LimeWire
2010-04-09 20:50 . 2010-04-09 20:49 503808 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-748fd146-n\msvcp71.dll
2010-04-09 20:49 . 2010-04-09 20:49 499712 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-748fd146-n\jmc.dll
2010-04-09 20:49 . 2010-04-09 20:49 348160 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-748fd146-n\msvcr71.dll
2010-04-09 20:49 . 2010-04-09 20:49 61440 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-28638271-n\decora-sse.dll
2010-04-09 20:49 . 2010-04-09 20:49 12800 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-28638271-n\decora-d3d.dll
2010-04-09 20:47 . 2008-01-10 10:51 -------- d-----w- c:\program files\Java
2010-04-06 11:11 . 2006-05-15 16:27 96688 ----a-w- c:\windows\system32\perfc008.dat
2010-04-06 11:11 . 2006-05-15 16:27 554772 ----a-w- c:\windows\system32\perfh008.dat
2010-03-12 14:08 . 2009-02-06 13:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-11 16:50 . 2009-02-09 12:01 -------- d-----w- c:\documents and settings\User\Application Data\Recruitment Viewer
2010-03-11 12:33 . 2004-09-04 13:45 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:33 . 2004-09-04 13:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:33 . 2004-09-04 13:45 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:10 . 2004-09-04 13:45 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 01:28 . 2009-02-09 18:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-02 12:17 . 2008-01-10 10:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-01 11:47 . 2010-02-27 10:42 -------- d-----w- c:\program files\Capcom
2010-02-27 10:39 . 2010-02-27 10:38 -------- d-----w- c:\program files\MagicDisc
2010-02-24 13:11 . 2004-08-04 06:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 15:03 . 2008-01-14 20:26 66512 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-18 15:15 . 2010-02-18 15:15 65536 ----a-w- c:\windows\system32\GDPersns.dat
2010-02-18 15:14 . 2010-02-18 15:14 90112 ----a-w- c:\windows\system32\Dversion.dll
2010-02-18 15:14 . 2010-02-18 15:14 126976 ----a-w- c:\windows\system32\DVC.dll
2010-02-18 14:07 . 2010-02-18 14:07 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-18 14:07 . 2009-11-08 20:35 79488 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-17 11:06 . 2004-09-04 13:41 2196992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:06 . 2006-03-02 09:00 2073856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 12:53 . 2010-02-12 12:51 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-02-12 04:34 . 2004-09-04 13:44 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 06:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-27 14:10 . 2009-09-25 16:12 611640 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-03-20 10:24 . 2008-03-20 10:22 24 --sha-w- c:\windows\S3201ED5C.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 397312]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-08-07 331288]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-10 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-04 267048]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-27 593920]
"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2010\APVXDWIN.EXE" [2009-06-05 574720]
"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2010\Inicio.exe" [2009-04-21 56064]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"GameDrive"="c:\program files\FarStone\GameDrive\GDP\GDTask.exe" [2006-07-21 167936]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\User\Start Menu\Προγράμματα\Εκκίνηση\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-2-27 576000]

c:\documents and settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-3-7 131072]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-5-23 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 13:58 58672 ----a-w- c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Documents and Settings\\User\\Επιφάνεια εργασίας\\Guns 'N' Roses\\uTorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 FGXSCSI;FGXSCSI;c:\windows\system32\drivers\fgxscsi.sys [18/2/2010 6:15 μμ 71680]
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [5/4/2009 4:23 μμ 28544]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21/5/2008 5:03 μμ 691696]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [15/10/2009 11:13 μμ 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [15/10/2009 11:14 μμ 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [15/10/2009 11:13 μμ 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [15/10/2009 11:14 μμ 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [15/10/2009 11:13 μμ 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [15/10/2009 11:02 μμ 41144]
R1 SSHDRV79;SSHDRV79;c:\windows\system32\drivers\SSHDRV79.sys [28/10/2009 4:54 μμ 75264]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [1/12/2009 3:30 μμ 78848]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [15/10/2009 11:14 μμ 46720]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30/3/2010 11:16 πμ 1107336]
R2 INFOlearn_admin_srv;INFOlearn Admin Service;c:\windows\system32\infolearnasrv.exe [6/10/2006 8:35 μμ 49152]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [15/10/2009 11:02 μμ 177416]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [10/1/2008 1:54 μμ 540184]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Global Protection 2010\psksvc.exe [15/10/2009 11:13 μμ 28928]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [15/10/2009 11:19 μμ 13880]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [15/10/2009 11:13 μμ 197888]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S1 SSHDRV65;SSHDRV65;\??\c:\windows\system32\drivers\SSHDRV65.sys --> c:\windows\system32\drivers\SSHDRV65.sys [?]
S3 P1130VID;Creative WebCam NX Pro;c:\windows\system32\drivers\P1130Vid.sys [4/2/2008 5:25 μμ 90357]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [30/6/2009 9:32 μμ 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [30/6/2009 9:32 μμ 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [30/6/2009 9:32 μμ 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [30/6/2009 9:32 μμ 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [30/6/2009 9:32 μμ 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [30/6/2009 9:32 μμ 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [30/6/2009 9:32 μμ 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [30/6/2009 9:32 μμ 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [30/6/2009 9:32 μμ 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [30/6/2009 9:32 μμ 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [30/6/2009 9:32 μμ 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [30/6/2009 9:32 μμ 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [30/6/2009 9:32 μμ 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [30/6/2009 9:32 μμ 117672]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PAVTPK.SYS

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv
.
Contents of the 'Scheduled Tasks' folder

2010-04-19 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 12:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toggle.com/en/index.php?rvs=hompag&d=79919281
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
IE: Download the &current page with Offline Explorer - file://c:\program files\Offline Explorer\Add_AllO.htm
IE: Download using Offline &Explorer - file://c:\program files\Offline Explorer\Add_UrlO.htm
IE: Ε&ξαγωγή στο Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\cu6zhwsp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.gr
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-19 22:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys spjk.sys >>UNKNOWN [0x8ADEC938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
\Driver\ACPI -> ACPI.sys @ 0xb7e73cb8
\Driver\atapi -> sfsync02.sys @ 0xb8340d60
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Broadcom NetLink (TM) Gigabit Ethernet -> SendCompleteHandler -> NDIS.sys @ 0xb7cecbb0
PacketIndicateHandler -> NDIS.sys @ 0xb7cf9a21
SendHandler -> NDIS.sys @ 0xb7cd787b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4160596134-3961019470-752118726-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4160596134-3961019470-752118726-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:16,10,41,ed,64,3d,77,f2,44,9e,32,86,e1,f1,8f,c6,19,aa,b3,67,76,a2,d2,
73,61,f4,91,60,e8,8e,09,5d,f5,db,35,bd,f1,b2,26,dc,8a,86,20,0e,c9,1e,4f,98,\
"??"=hex:c2,59,d1,1c,d4,d2,90,9f,4a,b4,64,fe,e2,10,24,81

[HKEY_USERS\S-1-5-21-4160596134-3961019470-752118726-1005\Software\SecuROM\License information*]
"datasecu"=hex:4e,10,57,e3,ee,b9,10,cd,ed,b0,f4,0a,39,5b,5d,c4,f4,5c,f9,8d,eb,
25,1d,10,c6,8f,ff,9b,72,ca,0a,32,3c,29,20,a5,3a,7e,00,95,4e,90,cb,5d,c2,27,\
"rkeysecu"=hex:8b,a4,d9,a9,1b,8f,88,92,bf,ca,aa,f3,89,e8,18,92
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1340)
c:\windows\system32\avldr.dll

- - - - - - - > 'explorer.exe'(4992)
c:\program files\Panda Security\Panda Global Protection 2010\pavoepl.dll
c:\program files\TortoiseSVN\bin\tortoisesvn.dll
c:\program files\TortoiseSVN\bin\intl3_svn.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Panda Security\Panda Global Protection 2010\TPSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Panda Security\Panda Global Protection 2010\PsCtrls.exe
c:\program files\Panda Security\Panda Global Protection 2010\PavFnSvr.exe
c:\program files\Common Files\Panda Security\PavShld\pavprsrv.exe
c:\program files\panda security\panda global protection 2010\firewall\PSHOST.EXE
c:\program files\Panda Security\Panda Global Protection 2010\PsImSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Panda Security\Panda Global Protection 2010\pavsrv51.exe
c:\program files\Panda Security\Panda Global Protection 2010\AVENGINE.EXE
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\PANDA SECURITY\PANDA GLOBAL PROTECTION 2010\WebProxy.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Panda Security\Panda Global Protection 2010\SRVLOAD.EXE
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\program files\Panda Security\Panda Global Protection 2010\PavBckPT.exe
.
**************************************************************************
.
Completion time: 2010-04-19 22:12:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-19 19:12
ComboFix2.txt 2010-04-19 18:48
ComboFix3.txt 2010-04-16 10:10

Pre-Run: 28 Dir(s) 60,089,749,504 bytes free
Post-Run: 29 Dir(s) 60,038,750,208 bytes free

- - End Of File - - CF41ACA0B36125F51F5F9B96CA21C94C

............................................................................................
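The listing above is the raw material a removal helper works from, and most of the first pass is mechanical: which entries point at an image ComboFix could not find on disk (the "[?]" suffix), which kernel drivers load at boot or system start under a name that says nothing about their owner, and what the firewall policy actually permits. The script below is an added example written for this page; it is not ComboFix code and not part of the thread. It parses lines in ComboFix's own output format (the sample lines are copied from the log posted above); the rule names, the Finding type and the judgement of what is worth a look are this example's assumptions. A "[?]" means only that ComboFix could not stat the path: the "svchost -k Panda" entry trips it because the path has no .exe, not because it is malicious.

```python
"""Triage of a ComboFix 'Drivers/Services' listing and firewall-policy dump.

Constructed example written for this thread; it is not ComboFix or forum code.
The sample lines are copied from the log posted above. The rule names, the
Finding type and the notion of 'worth a look' are this example's assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass

# ComboFix service line: <R|S><start> <name>;<display>;<image> [date size]   or   <image> --> <image> [?]
SERVICE_RE = re.compile(r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*)$")
# ComboFix abbreviates HKLM\SYSTEM\CurrentControlSet as HKLM\~
FW_SECTION_RE = re.compile(
    r"^\[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\(?P<profile>\w+)(?:\\(?P<sub>.*))?\]$")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\")


@dataclass(frozen=True)
class Finding:
    kind: str     # short rule id (assumed names)
    subject: str  # service name, registry value or profile the rule fired on
    detail: str   # what to check next


def check_service(svc: dict) -> list:
    """Rules for one Drivers/Services line."""
    out = []
    name, display, image = svc["name"], svc["display"].strip(), svc["image"].strip()
    start = START_TYPES[svc["start"]]
    if image.endswith("[?]"):
        # ComboFix could not stat the image: a dangling service entry, or a path it could not parse
        path = image.split(" --> ")[-1][:-3].strip()
        out.append(Finding("dangling-service", name, f"image not found: {path} (start={start})"))
    if display.lower() == name.lower() and svc["start"] in ("0", "1"):
        # kernel driver loading before logon, under a name that does not say who owns it
        out.append(Finding("anonymous-early-driver", name, f"loads at {start} start; identify the owning software"))
    return out


def check_firewall_value(section: tuple, line: str) -> list:
    """Rules for one value under firewallpolicy\\<profile>[\\<sub>]."""
    profile, sub = section
    m = REG_VALUE_RE.match(line)
    if not m:
        return []
    name, data = m.group("name"), m.group("data").strip()
    if sub == "" and name == "EnableFirewall" and data.split()[:1] == ["0"]:
        return [Finding("firewall-disabled", profile,
                        "Windows Firewall off for this profile; confirm a third-party firewall is running")]
    if sub.lower().startswith("authorizedapplications"):
        path = name.replace("\\\\", "\\")  # ComboFix doubles the backslashes in value names
        if any(marker in path.lower() for marker in USER_PROFILE_MARKERS):
            return [Finding("exception-in-user-profile", path,
                            "inbound exception for an executable under a user profile, not Program Files")]
    if sub.lower().startswith("globallyopenports"):
        fields = data.split(":")  # port:proto:scope:Enabled|Disabled:description
        if len(fields) >= 4 and fields[3].lower() == "enabled":
            return [Finding("open-port", name, f"{fields[1]} {fields[0]} open to scope {fields[2]}")]
    return []


def triage(text: str) -> list:
    """Walk ComboFix output and collect findings from the service and firewall rules."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = FW_SECTION_RE.match(line)
        if sec:
            section = (sec.group("profile"), sec.group("sub") or "")
            continue
        if line.startswith("["):          # some other registry section: leave firewall context
            section = None
            continue
        svc = SERVICE_RE.match(line)
        if svc:
            findings.extend(check_service(svc.groupdict()))
        elif section is not None:
            findings.extend(check_firewall_value(section, line))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per rule id."""
    return dict(Counter(f.kind for f in findings))


# Sample copied from the ComboFix log posted above (a slice of the service block plus the firewall policy).
SAMPLE_LOG = r"""
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21/5/2008 5:03 μμ 691696]
R1 SSHDRV79;SSHDRV79;c:\windows\system32\drivers\SSHDRV79.sys [28/10/2009 4:54 μμ 75264]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S1 SSHDRV65;SSHDRV65;\??\c:\windows\system32\drivers\SSHDRV65.sys --> c:\windows\system32\drivers\SSHDRV65.sys [?]
S3 P1130VID;Creative WebCam NX Pro;c:\windows\system32\drivers\P1130Vid.sys [4/2/2008 5:25 μμ 90357]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\User\\Επιφάνεια εργασίας\\Guns 'N' Roses\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"""


def triage_sample() -> list:
    return triage(SAMPLE_LOG)


if __name__ == "__main__":
    for f in triage_sample():
        print(f"{f.kind:26} {f.subject:55} {f.detail}")
```

Run stand-alone, it reports nine findings on the sample: four dangling entries, three early-loading drivers with non-descriptive names (sptd, SSHDRV79, SSHDRV65), the disabled Windows Firewall profile and the uTorrent copy that lives on the Desktop. The uTorrent exception under Program Files and the 3389:TCP entry (present but Disabled) are deliberately not reported. Every flag is a question, not a verdict: "EnableFirewall = 0" is expected when a third-party firewall such as the Panda one in the header owns the profile, and sptd.sys is the SCSI pass-through driver that ships with disc-emulation software, which matches the DAEMON Tools Lite entry in the Run key above.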

Re: Internet lags, is it a virus?
Hello.

Submit a file for analysis.

  1. Please visit this website: Jotti's Malware Scanner
  2. Press the "Browse" button and locate the following file:
    C:\WINDOWS\system32\drivers\sfsync02.sys
  3. Press the "Submit File" button to submit the file for analysis.
  4. Allow it to be scanned, it could take a few minutes depending on server load.
  5. Copy and paste the result back here.

............................................................................................


Re: Internet lags, is it a virus?
Filename: sfsync02.sys
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Tue 20 Apr 2010 10:41:13 (CET)

[ArcaVir]
2010-04-19 Found nothing
[F-Secure Anti-Virus]
2010-04-20 Found nothing
[A-Squared]
2010-04-20 Found nothing
[G DATA]
2010-04-20 Found nothing
[Avast! antivirus]
2010-04-19 Found nothing
[Ikarus]
2010-04-20 Found nothing
[Grisoft AVG Anti-Virus]
2010-04-20 Found nothing
[Kaspersky Anti-Virus]
2010-04-20 Found nothing
[Avira AntiVir]
2010-04-20 Found nothing
[ESET NOD32]
2010-04-19 Found nothing
[Softwin BitDefender]
2010-04-20 Found nothing
[Panda Antivirus]
2010-04-19 Found nothing
[ClamAV]
2010-04-20 Found nothing
[Quick Heal]
2010-04-20 Found nothing
[CPsecure]
2010-04-20 Found nothing
[Sophos]
2010-04-20 Found nothing
[Dr.Web]
2010-04-20 Found nothing
[VirusBlokAda VBA32]
2010-04-18 Found nothing
[Frisk F-Prot Antivirus]
2010-04-19 Found nothing
[VirusBuster]
2010-04-19 Found nothing

............................................................................................


Re: Internet lags, is it a virus?
Hello.
Please download RootkitUnhooker from here

Unzip it and run the program.
Go to the File menu, select, Quick Report, and save info from current page.

Please post the log.

............................................................................................


Re: Internet lags, is it a virus?
RkUnhooker report generator v0.7
==============================================
Rootkit Unhooker kernel version: 3.7.300.509
==============================================
Windows Major Version: 5
Windows Minor Version: 1
Windows Build Number: 2600
==============================================
NtCreateKey
Actual Address 0xB7EB50E0
Hooked by: spgl.sys

NtEnumerateKey
Actual Address 0xB7ECDDA4
Hooked by: spgl.sys

NtEnumerateValueKey
Actual Address 0xB7ECE132
Hooked by: spgl.sys

NtOpenKey
Actual Address 0xB7EB50C0
Hooked by: spgl.sys

NtQueryKey
Actual Address 0xB7ECE20A
Hooked by: spgl.sys

NtQueryValueKey
Actual Address 0xB7ECE08A
Hooked by: spgl.sys

NtSetValueKey
Actual Address 0xB7ECE29C
Hooked by: spgl.sys

NtTerminateProcess
Actual Address 0xB350D654
Hooked by: C:\WINDOWS\system32\DRIVERS\PavProc.sys

NtTerminateThread
Actual Address 0xB350CC2E
Hooked by: C:\WINDOWS\system32\DRIVERS\PavProc.sys

............................................................................................


Re: Internet lags, is it a virus?
-

Re: Internet lags, is it a virus?
Hello.
Please delete the copy of Combofix you have now, then re-download it and run this new script.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:

    FCopy::
    C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys | C:\WINDOWS\system32\drivers\atapi.sys

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [picture: CFScript.txt being dragged onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

............................................................................................


Re: Internet lags, is it a virus?
ComboFix 10-04-20.01 - User 21/04/2010 12:15:31.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1253.30.1032.18.3070.2573 [GMT 3:00]
Running from: c:\documents and settings\User\Επιφάνεια εργασίας\Combo-Fix.exe
Command switches used :: c:\documents and settings\User\Επιφάνεια εργασίας\CFScript.txt.txt
AV: Panda Global Protection 2010 *On-access scanning disabled* (Updated) {8BF935E7-731F-4115-B7A5-789FF5087595}
FW: Panda Personal Firewall 2010 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2010-03-21 to 2010-04-21 )))))))))))))))))))))))))))))))
.

2010-04-19 18:35 . 2010-04-19 18:48 -------- d-----w- C:\Combo-Fix17504C
2010-04-18 11:13 . 2010-04-18 11:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion
2010-04-18 08:49 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-17 12:11 . 2010-04-17 12:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-04-17 12:10 . 2010-04-19 15:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TSVNCache
2010-04-15 13:10 . 2010-03-29 21:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-15 13:10 . 2010-04-15 13:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-15 13:10 . 2010-03-29 21:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-15 12:12 . 2010-04-15 12:12 -------- d-----w- c:\program files\Advanced Attitude Software
2010-04-14 13:42 . 2010-04-14 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Deskshare
2010-04-14 13:38 . 2010-04-14 13:39 -------- d-----w- c:\windows\XSxS
2010-04-14 13:38 . 2010-04-14 13:38 -------- d-----w- c:\program files\Xenocode
2010-04-14 13:38 . 2010-04-14 13:38 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Xenocode
2010-04-14 13:31 . 2010-04-14 13:31 -------- d-----w- c:\program files\Common Files\Deskshare Shared
2010-04-14 13:31 . 2010-04-14 13:31 -------- d-----w- c:\program files\Deskshare
2010-04-14 11:43 . 2010-04-14 11:43 -------- d-----w- C:\_OTL
2010-04-12 14:43 . 2005-02-14 07:57 32768 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\Sony Ericsson PC Suite\LiveUpdate\Temp\CleanBuild.exe
2010-04-10 21:20 . 2010-04-11 13:30 -------- d-----w- c:\program files\TombRaiderAOD
2010-04-09 20:49 . 2010-04-09 20:50 503808 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-748fd146-n\msvcp71.dll
2010-04-09 20:49 . 2010-04-09 20:49 499712 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-748fd146-n\jmc.dll
2010-04-09 20:49 . 2010-04-09 20:49 348160 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-748fd146-n\msvcr71.dll
2010-04-09 20:49 . 2010-04-09 20:49 61440 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-28638271-n\decora-sse.dll
2010-04-09 20:49 . 2010-04-09 20:49 12800 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-28638271-n\decora-d3d.dll
2010-04-09 20:48 . 2010-04-09 20:48 -------- d-----w- c:\program files\Common Files\Java
2010-04-07 11:14 . 2010-01-30 07:48 266552 ----a-w- c:\windows\system32\HMIPCore.dll
2010-04-07 11:10 . 2010-04-07 11:13 -------- d-----w- c:\documents and settings\User\Application Data\Hide IP NG
2010-03-30 15:01 . 2010-03-30 15:01 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-03-29 15:44 . 2010-02-03 12:56 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-03-25 14:30 . 2010-03-25 14:30 -------- d-----w- c:\program files\Rockstar Games
2010-03-25 13:18 . 2010-03-25 13:18 -------- d-----w- c:\documents and settings\User\Application Data\SmartFTP
2010-03-25 13:18 . 2010-03-25 13:18 -------- d-----w- c:\program files\SmartFTP Client
2010-03-25 13:18 . 2010-03-25 13:18 -------- d-----w- c:\program files\SmartFTP Client 4.0 Setup Files
2010-03-24 08:04 . 2010-03-24 18:17 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\8028\AdobeARM.exe
2010-03-24 08:04 . 2010-03-24 18:17 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\8028\AdobeExtractFiles.dll
2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\8028\ReaderUpdater.exe
2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\8028\AcrobatUpdater.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 09:16 . 2009-10-28 13:54 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2010-04-21 09:16 . 2009-10-28 13:54 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2010-04-21 09:16 . 2009-10-15 20:19 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2010-04-21 09:14 . 2009-10-28 13:54 343712 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2010-04-21 09:14 . 2009-10-28 13:54 343712 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-04-20 21:02 . 2008-01-10 13:44 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-13 13:55 . 2008-01-14 15:58 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2010-04-11 19:37 . 2008-01-10 21:17 -------- d-----w- c:\program files\LimeWire
2010-04-09 20:47 . 2008-01-10 10:51 -------- d-----w- c:\program files\Java
2010-04-06 11:11 . 2006-05-15 16:27 96688 ----a-w- c:\windows\system32\perfc008.dat
2010-04-06 11:11 . 2006-05-15 16:27 554772 ----a-w- c:\windows\system32\perfh008.dat
2010-03-12 14:08 . 2009-02-06 13:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-11 16:50 . 2009-02-09 12:01 -------- d-----w- c:\documents and settings\User\Application Data\Recruitment Viewer
2010-03-11 12:33 . 2004-09-04 13:45 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:33 . 2004-09-04 13:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:33 . 2004-09-04 13:45 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:10 . 2004-09-04 13:45 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 01:28 . 2009-02-09 18:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-02 12:17 . 2008-01-10 10:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-01 11:47 . 2010-02-27 10:42 -------- d-----w- c:\program files\Capcom
2010-02-27 10:39 . 2010-02-27 10:38 -------- d-----w- c:\program files\MagicDisc
2010-02-24 13:11 . 2004-08-04 06:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 15:03 . 2008-01-14 20:26 66512 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-18 15:15 . 2010-02-18 15:15 65536 ----a-w- c:\windows\system32\GDPersns.dat
2010-02-18 15:14 . 2010-02-18 15:14 90112 ----a-w- c:\windows\system32\Dversion.dll
2010-02-18 15:14 . 2010-02-18 15:14 126976 ----a-w- c:\windows\system32\DVC.dll
2010-02-18 14:07 . 2010-02-18 14:07 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-18 14:07 . 2009-11-08 20:35 79488 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-17 11:06 . 2004-09-04 13:41 2196992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:06 . 2006-03-02 09:00 2073856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 12:53 . 2010-02-12 12:51 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-02-12 04:34 . 2004-09-04 13:44 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 06:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-27 14:10 . 2009-09-25 16:12 611640 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-03-20 10:24 . 2008-03-20 10:22 24 --sha-w- c:\windows\S3201ED5C.tmp
.

((((((((((((((((((((((((((((( SnapShot@2010-04-19_18.45.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 05:59 . 2004-08-04 05:59 95360 c:\windows\system32\dllcache\atapi.sys
+ 2009-12-21 17:09 . 2009-12-21 17:09 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\ViewerPS.dll
+ 2009-12-21 22:57 . 2009-12-21 22:57 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\reader_sl.exe
+ 2009-12-21 17:02 . 2009-12-21 17:02 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlr.dll
+ 2009-12-21 20:21 . 2009-12-21 20:21 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\eula.exe
+ 2009-12-21 20:37 . 2009-12-21 20:37 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrotextextractor.exe
+ 2009-12-21 15:39 . 2009-12-21 15:39 15288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32Info.exe
+ 2009-12-21 15:27 . 2009-12-21 15:27 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acroiehelpershim.dll
+ 2009-12-21 15:27 . 2009-12-21 15:27 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroIEHelper.dll
+ 2009-12-21 15:35 . 2009-12-21 15:35 378264 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\pdfshell.dll
+ 2009-12-21 17:05 . 2009-12-21 17:05 116168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlrShim.exe
+ 2009-12-21 15:34 . 2009-12-21 15:34 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\nppdf32.dll
+ 2009-11-09 16:18 . 2009-11-09 16:18 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\JP2KLib.dll
+ 2009-12-21 17:02 . 2009-12-21 17:02 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AdobeCollabSync.exe
+ 2009-12-21 15:43 . 2009-12-21 15:43 120240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRdIF.dll
+ 2009-12-21 22:57 . 2009-12-21 22:57 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.exe
+ 2009-12-21 15:15 . 2009-12-21 15:15 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroPDF.dll
+ 2009-12-21 16:32 . 2009-12-21 16:32 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobroker.exe
+ 2009-12-21 16:15 . 2009-12-21 16:15 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\a3dutility.exe
+ 2010-04-20 21:03 . 2010-04-20 21:03 3940352 c:\windows\Installer\cefdc2.msi
+ 2009-12-21 15:29 . 2009-12-21 15:29 2409880 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\rt3d.dll
+ 2009-10-27 17:34 . 2009-10-27 17:34 5009408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\authplay.dll
+ 2009-12-21 20:31 . 2009-12-21 20:31 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AGM.dll
+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\cefe66.msp
+ 2009-12-21 20:21 . 2009-12-21 20:21 20436408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 397312]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-08-07 331288]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-10 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-04 267048]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-27 593920]
"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2010\APVXDWIN.EXE" [2009-06-05 574720]
"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2010\Inicio.exe" [2009-04-21 56064]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"GameDrive"="c:\program files\FarStone\GameDrive\GDP\GDTask.exe" [2006-07-21 167936]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\User\Start Menu\¨¦š¨α££˜«˜\„΅΅ε¤ž©️ž\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-2-27 576000]

c:\documents and settings\All Users\Start Menu\¨¦š¨α££˜«˜\„΅΅ε¤ž©️ž\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-3-7 131072]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-5-23 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 13:58 58672 ----a-w- c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Documents and Settings\\User\\Επιφάνεια εργασίας\\Guns 'N' Roses\\uTorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 FGXSCSI;FGXSCSI;c:\windows\system32\drivers\fgxscsi.sys [18/2/2010 6:15 μμ 71680]
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [5/4/2009 4:23 μμ 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [15/10/2009 11:13 μμ 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [15/10/2009 11:14 μμ 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [15/10/2009 11:13 μμ 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [15/10/2009 11:14 μμ 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [15/10/2009 11:13 μμ 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [15/10/2009 11:02 μμ 41144]
R1 SSHDRV79;SSHDRV79;c:\windows\system32\drivers\SSHDRV79.sys [28/10/2009 4:54 μμ 75264]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [1/12/2009 3:30 μμ 78848]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [15/10/2009 11:14 μμ 46720]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30/3/2010 11:16 πμ 1107336]
R2 INFOlearn_admin_srv;INFOlearn Admin Service;c:\windows\system32\infolearnasrv.exe [6/10/2006 8:35 μμ 49152]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [15/10/2009 11:02 μμ 177416]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [10/1/2008 1:54 μμ 540184]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Global Protection 2010\psksvc.exe [15/10/2009 11:13 μμ 28928]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [15/10/2009 11:19 μμ 13880]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [15/10/2009 11:13 μμ 197888]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21/5/2008 5:03 μμ 691696]
S1 SSHDRV65;SSHDRV65;\??\c:\windows\system32\drivers\SSHDRV65.sys --> c:\windows\system32\drivers\SSHDRV65.sys [?]
S3 P1130VID;Creative WebCam NX Pro;c:\windows\system32\drivers\P1130Vid.sys [4/2/2008 5:25 μμ 90357]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [30/6/2009 9:32 μμ 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [30/6/2009 9:32 μμ 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [30/6/2009 9:32 μμ 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [30/6/2009 9:32 μμ 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [30/6/2009 9:32 μμ 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [30/6/2009 9:32 μμ 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [30/6/2009 9:32 μμ 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [30/6/2009 9:32 μμ 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [30/6/2009 9:32 μμ 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [30/6/2009 9:32 μμ 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [30/6/2009 9:32 μμ 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [30/6/2009 9:32 μμ 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [30/6/2009 9:32 μμ 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [30/6/2009 9:32 μμ 117672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv
.
Contents of the 'Scheduled Tasks' folder

2010-04-21 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 12:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toggle.com/en/index.php?rvs=hompag&d=79919281
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
IE: Download the &current page with Offline Explorer - file://c:\program files\Offline Explorer\Add_AllO.htm
IE: Download using Offline &Explorer - file://c:\program files\Offline Explorer\Add_UrlO.htm
IE: Ε&ξαγωγή στο Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\cu6zhwsp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.gr
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-21 12:22
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4160596134-3961019470-752118726-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4160596134-3961019470-752118726-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:16,10,41,ed,64,3d,77,f2,44,9e,32,86,e1,f1,8f,c6,19,aa,b3,67,76,a2,d2,
73,61,f4,91,60,e8,8e,09,5d,f5,db,35,bd,f1,b2,26,dc,8a,86,20,0e,c9,1e,4f,98,\
"??"=hex:c2,59,d1,1c,d4,d2,90,9f,4a,b4,64,fe,e2,10,24,81

[HKEY_USERS\S-1-5-21-4160596134-3961019470-752118726-1005\Software\SecuROM\License information*]
"datasecu"=hex:4e,10,57,e3,ee,b9,10,cd,ed,b0,f4,0a,39,5b,5d,c4,f4,5c,f9,8d,eb,
25,1d,10,c6,8f,ff,9b,72,ca,0a,32,3c,29,20,a5,3a,7e,00,95,4e,90,cb,5d,c2,27,\
"rkeysecu"=hex:8b,a4,d9,a9,1b,8f,88,92,bf,ca,aa,f3,89,e8,18,92
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1320)
c:\windows\system32\avldr.dll
.
Completion time: 2010-04-21 12:24:31
ComboFix-quarantined-files.txt 2010-04-21 09:24
ComboFix2.txt 2010-04-19 19:12
ComboFix3.txt 2010-04-19 18:48
ComboFix4.txt 2010-04-16 10:10

Pre-Run: 28 Κατάλογοι 59.637.858.304 διαθέσιμα byte
Post-Run: 29 Κατάλογοι 59.609.624.576 διαθέσιμα byte

- - End Of File - - FAAD2D2BCAAE24D4CD9B05513F1BE38C

............................................................................................


Re: Internet lags, is it a virus?
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

............................................................................................


Re: Internet lags, is it a virus?
Yes, it seems ok for now, I'll test it for a couple of days and answer you back.

Thanks very much though.

............................................................................................


Re: Internet lags, is it a virus?
2 days now and it seems perfect. Consider it solved.

Thanks again!

............................................................................................


Re: Internet lags, is it a virus?
Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

............................................................................................
