Internet lags, is it a virus?

ComboFix 10-04-15.02 - User 19/04/2010 22:01:41.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1253.30.1032.18.3070.2473 [GMT 3:00]
Running from: c:\documents and settings\User\Επιφάνεια εργασίας\Combo-Fix.exe
Command switches used :: c:\documents and settings\User\Επιφάνεια εργασίας\CFscript.txt.txt
AV: Panda Global Protection 2010 *On-access scanning disabled* (Updated) {8BF935E7-731F-4115-B7A5-789FF5087595}
FW: Panda Personal Firewall 2010 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PAVSRK.SYS
-------\Legacy_PAVTPK.SYS
-------\Legacy_PCD65X2
-------\Legacy_PCD65X3
-------\Legacy_PCD65X4
-------\Service_PavSRK.sys
-------\Service_PavTPK.sys
-------\Service_PCD65X2
-------\Service_PCD65X3
-------\Service_PCD65X4


((((((((((((((((((((((((( Files Created from 2010-03-19 to 2010-04-19 )))))))))))))))))))))))))))))))
.

2010-04-19 18:35 . 2010-04-19 18:48 -------- d-----w- C:\Combo-Fix17504C
2010-04-18 11:13 . 2010-04-18 11:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion
2010-04-18 08:49 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-17 12:11 . 2010-04-17 12:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-04-17 12:10 . 2010-04-19 15:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TSVNCache
2010-04-15 13:10 . 2010-03-29 21:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-15 13:10 . 2010-04-15 13:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-15 13:10 . 2010-03-29 21:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-15 12:12 . 2010-04-15 12:12 -------- d-----w- c:\program files\Advanced Attitude Software
2010-04-14 13:42 . 2010-04-14 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Deskshare
2010-04-14 13:38 . 2010-04-14 13:39 -------- d-----w- c:\windows\XSxS
2010-04-14 13:38 . 2010-04-14 13:38 -------- d-----w- c:\program files\Xenocode
2010-04-14 13:38 . 2010-04-14 13:38 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Xenocode
2010-04-14 13:31 . 2010-04-14 13:31 -------- d-----w- c:\program files\Common Files\Deskshare Shared
2010-04-14 13:31 . 2010-04-14 13:31 -------- d-----w- c:\program files\Deskshare
2010-04-14 11:43 . 2010-04-14 11:43 -------- d-----w- C:\_OTL
2010-04-10 21:20 . 2010-04-11 13:30 -------- d-----w- c:\program files\TombRaiderAOD
2010-04-09 20:48 . 2010-04-09 20:48 -------- d-----w- c:\program files\Common Files\Java
2010-04-07 11:14 . 2010-01-30 07:48 266552 ----a-w- c:\windows\system32\HMIPCore.dll
2010-04-07 11:10 . 2010-04-07 11:13 -------- d-----w- c:\documents and settings\User\Application Data\Hide IP NG
2010-03-30 15:01 . 2010-03-30 15:01 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-03-29 15:44 . 2010-02-03 12:56 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-03-25 14:30 . 2010-03-25 14:30 -------- d-----w- c:\program files\Rockstar Games
2010-03-25 13:18 . 2010-03-25 13:18 -------- d-----w- c:\documents and settings\User\Application Data\SmartFTP
2010-03-25 13:18 . 2010-03-25 13:18 -------- d-----w- c:\program files\SmartFTP Client
2010-03-25 13:18 . 2010-03-25 13:18 -------- d-----w- c:\program files\SmartFTP Client 4.0 Setup Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-19 19:10 . 2009-10-28 13:54 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2010-04-19 19:10 . 2009-10-28 13:54 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2010-04-19 19:08 . 2009-10-15 20:19 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2010-04-19 19:07 . 2009-10-28 13:54 334432 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2010-04-19 19:07 . 2009-10-28 13:54 334432 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-04-19 18:59 . 2008-01-10 13:44 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-13 13:55 . 2008-01-14 15:58 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2010-04-11 19:37 . 2008-01-10 21:17 -------- d-----w- c:\program files\LimeWire
2010-04-09 20:50 . 2010-04-09 20:49 503808 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-748fd146-n\msvcp71.dll
2010-04-09 20:49 . 2010-04-09 20:49 499712 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-748fd146-n\jmc.dll
2010-04-09 20:49 . 2010-04-09 20:49 348160 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-748fd146-n\msvcr71.dll
2010-04-09 20:49 . 2010-04-09 20:49 61440 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-28638271-n\decora-sse.dll
2010-04-09 20:49 . 2010-04-09 20:49 12800 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-28638271-n\decora-d3d.dll
2010-04-09 20:47 . 2008-01-10 10:51 -------- d-----w- c:\program files\Java
2010-04-06 11:11 . 2006-05-15 16:27 96688 ----a-w- c:\windows\system32\perfc008.dat
2010-04-06 11:11 . 2006-05-15 16:27 554772 ----a-w- c:\windows\system32\perfh008.dat
2010-03-12 14:08 . 2009-02-06 13:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-11 16:50 . 2009-02-09 12:01 -------- d-----w- c:\documents and settings\User\Application Data\Recruitment Viewer
2010-03-11 12:33 . 2004-09-04 13:45 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:33 . 2004-09-04 13:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:33 . 2004-09-04 13:45 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:10 . 2004-09-04 13:45 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 01:28 . 2009-02-09 18:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-02 12:17 . 2008-01-10 10:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-01 11:47 . 2010-02-27 10:42 -------- d-----w- c:\program files\Capcom
2010-02-27 10:39 . 2010-02-27 10:38 -------- d-----w- c:\program files\MagicDisc
2010-02-24 13:11 . 2004-08-04 06:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 15:03 . 2008-01-14 20:26 66512 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-18 15:15 . 2010-02-18 15:15 65536 ----a-w- c:\windows\system32\GDPersns.dat
2010-02-18 15:14 . 2010-02-18 15:14 90112 ----a-w- c:\windows\system32\Dversion.dll
2010-02-18 15:14 . 2010-02-18 15:14 126976 ----a-w- c:\windows\system32\DVC.dll
2010-02-18 14:07 . 2010-02-18 14:07 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-18 14:07 . 2009-11-08 20:35 79488 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-17 11:06 . 2004-09-04 13:41 2196992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:06 . 2006-03-02 09:00 2073856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 12:53 . 2010-02-12 12:51 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-02-12 04:34 . 2004-09-04 13:44 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 06:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-27 14:10 . 2009-09-25 16:12 611640 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-03-20 10:24 . 2008-03-20 10:22 24 --sha-w- c:\windows\S3201ED5C.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 397312]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-08-07 331288]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-10 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-04 267048]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-27 593920]
"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2010\APVXDWIN.EXE" [2009-06-05 574720]
"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2010\Inicio.exe" [2009-04-21 56064]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"GameDrive"="c:\program files\FarStone\GameDrive\GDP\GDTask.exe" [2006-07-21 167936]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\User\Start Menu\¨¦š¨α££˜«˜\„΅΅ε¤žž\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-2-27 576000]

c:\documents and settings\All Users\Start Menu\¨¦š¨α££˜«˜\„΅΅ε¤žž\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-3-7 131072]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-5-23 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 13:58 58672 ----a-w- c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Documents and Settings\\User\\Επιφάνεια εργασίας\\Guns 'N' Roses\\uTorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 FGXSCSI;FGXSCSI;c:\windows\system32\drivers\fgxscsi.sys [18/2/2010 6:15 μμ 71680]
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [5/4/2009 4:23 μμ 28544]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21/5/2008 5:03 μμ 691696]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [15/10/2009 11:13 μμ 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [15/10/2009 11:14 μμ 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [15/10/2009 11:13 μμ 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [15/10/2009 11:14 μμ 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [15/10/2009 11:13 μμ 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [15/10/2009 11:02 μμ 41144]
R1 SSHDRV79;SSHDRV79;c:\windows\system32\drivers\SSHDRV79.sys [28/10/2009 4:54 μμ 75264]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [1/12/2009 3:30 μμ 78848]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [15/10/2009 11:14 μμ 46720]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30/3/2010 11:16 πμ 1107336]
R2 INFOlearn_admin_srv;INFOlearn Admin Service;c:\windows\system32\infolearnasrv.exe [6/10/2006 8:35 μμ 49152]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [15/10/2009 11:02 μμ 177416]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [10/1/2008 1:54 μμ 540184]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Global Protection 2010\psksvc.exe [15/10/2009 11:13 μμ 28928]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [15/10/2009 11:19 μμ 13880]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [15/10/2009 11:13 μμ 197888]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S1 SSHDRV65;SSHDRV65;\??\c:\windows\system32\drivers\SSHDRV65.sys --> c:\windows\system32\drivers\SSHDRV65.sys [?]
S3 P1130VID;Creative WebCam NX Pro;c:\windows\system32\drivers\P1130Vid.sys [4/2/2008 5:25 μμ 90357]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [30/6/2009 9:32 μμ 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [30/6/2009 9:32 μμ 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [30/6/2009 9:32 μμ 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [30/6/2009 9:32 μμ 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [30/6/2009 9:32 μμ 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [30/6/2009 9:32 μμ 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [30/6/2009 9:32 μμ 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [30/6/2009 9:32 μμ 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [30/6/2009 9:32 μμ 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [30/6/2009 9:32 μμ 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [30/6/2009 9:32 μμ 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [30/6/2009 9:32 μμ 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [30/6/2009 9:32 μμ 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [30/6/2009 9:32 μμ 117672]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PAVTPK.SYS

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv
.
Contents of the 'Scheduled Tasks' folder

2010-04-19 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 12:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toggle.com/en/index.php?rvs=hompag&d=79919281
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
IE: Download the ¤t page with Offline Explorer - file://c:\program files\Offline Explorer\Add_AllO.htm
IE: Download using Offline &Explorer - file://c:\program files\Offline Explorer\Add_UrlO.htm
IE: Ε&ξαγωγή στο Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\cu6zhwsp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.gr
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-19 22:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys spjk.sys >>UNKNOWN [0x8ADEC938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
\Driver\ACPI -> ACPI.sys @ 0xb7e73cb8
\Driver\atapi -> sfsync02.sys @ 0xb8340d60
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Broadcom NetLink (TM) Gigabit Ethernet -> SendCompleteHandler -> NDIS.sys @ 0xb7cecbb0
PacketIndicateHandler -> NDIS.sys @ 0xb7cf9a21
SendHandler -> NDIS.sys @ 0xb7cd787b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4160596134-3961019470-752118726-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4160596134-3961019470-752118726-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:16,10,41,ed,64,3d,77,f2,44,9e,32,86,e1,f1,8f,c6,19,aa,b3,67,76,a2,d2,
73,61,f4,91,60,e8,8e,09,5d,f5,db,35,bd,f1,b2,26,dc,8a,86,20,0e,c9,1e,4f,98,\
"??"=hex:c2,59,d1,1c,d4,d2,90,9f,4a,b4,64,fe,e2,10,24,81

[HKEY_USERS\S-1-5-21-4160596134-3961019470-752118726-1005\Software\SecuROM\License information*]
"datasecu"=hex:4e,10,57,e3,ee,b9,10,cd,ed,b0,f4,0a,39,5b,5d,c4,f4,5c,f9,8d,eb,
25,1d,10,c6,8f,ff,9b,72,ca,0a,32,3c,29,20,a5,3a,7e,00,95,4e,90,cb,5d,c2,27,\
"rkeysecu"=hex:8b,a4,d9,a9,1b,8f,88,92,bf,ca,aa,f3,89,e8,18,92
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1340)
c:\windows\system32\avldr.dll

- - - - - - - > 'explorer.exe'(4992)
c:\program files\Panda Security\Panda Global Protection 2010\pavoepl.dll
c:\program files\TortoiseSVN\bin\tortoisesvn.dll
c:\program files\TortoiseSVN\bin\intl3_svn.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Panda Security\Panda Global Protection 2010\TPSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Panda Security\Panda Global Protection 2010\PsCtrls.exe
c:\program files\Panda Security\Panda Global Protection 2010\PavFnSvr.exe
c:\program files\Common Files\Panda Security\PavShld\pavprsrv.exe
c:\program files\panda security\panda global protection 2010\firewall\PSHOST.EXE
c:\program files\Panda Security\Panda Global Protection 2010\PsImSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Panda Security\Panda Global Protection 2010\pavsrv51.exe
c:\program files\Panda Security\Panda Global Protection 2010\AVENGINE.EXE
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\PANDA SECURITY\PANDA GLOBAL PROTECTION 2010\WebProxy.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Panda Security\Panda Global Protection 2010\SRVLOAD.EXE
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\program files\Panda Security\Panda Global Protection 2010\PavBckPT.exe
.
**************************************************************************
.
Completion time: 2010-04-19 22:12:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-19 19:12
ComboFix2.txt 2010-04-19 18:48
ComboFix3.txt 2010-04-16 10:10

Pre-Run: 28 Κατάλογοι 60.089.749.504 διαθέσιμα byte
Post-Run: 29 Κατάλογοι 60.038.750.208 διαθέσιμα byte

- - End Of File - - CF41ACA0B36125F51F5F9B96CA21C94C

Hello.

Submit a file for analysis.

1. Please visit this website: Jotti's Malware Scanner
   
2. Press the "Browse" button and locate the following file in bold:
   C:\WINDOWS\system32\drivers\sfsync02.sys
   
3. Press the "Submit File button to submit the file for analysis.
   
4. Allow it to be scanned, it could take a few minutes depending on server load.
   
5. Copy and paste the result back here.
   

[ArcaVir]
2010-04-19 Found nothing
[F-Secure Anti-Virus]
2010-04-20 Found nothing
[A-Squared]
2010-04-20 Found nothing
[G DATA]
2010-04-20 Found nothing
[Avast! antivirus]



And



Filename: sfsync02.sys
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Tue 20 Apr 2010 10:41:13 (CET) Permalink
2010-04-19 Found nothing
[Ikarus]
2010-04-20 Found nothing
[Grisoft AVG Anti-Virus]
2010-04-20 Found nothing
[Kaspersky Anti-Virus]
2010-04-20 Found nothing
[Avira AntiVir]
2010-04-20 Found nothing
[ESET NOD32]
2010-04-19 Found nothing
[Softwin BitDefender]
2010-04-20 Found nothing
[Panda Antivirus]
2010-04-19 Found nothing
[ClamAV]
2010-04-20 Found nothing
[Quick Heal]
2010-04-20 Found nothing
[CPsecure]
2010-04-20 Found nothing
[Sophos]
2010-04-20 Found nothing
[Dr.Web]
2010-04-20 Found nothing
[VirusBlokAda VBA32]
2010-04-18 Found nothing
[Frisk F-Prot Antivirus]
2010-04-19 Found nothing
[VirusBuster]
2010-04-19 Found nothing

Hello.
Please download RootkitUnhooker from here

Unzip it and run the program.
Go to the File menu, select, Quick Report, and save info from current page.

Please post the log.

RkUnhooker report generator v0.7
==============================================
Rootkit Unhooker kernel version: 3.7.300.509
==============================================
Windows Major Version: 5
Windows Minor Version: 1
Windows Build Number: 2600
==============================================
NtCreateKey
Actual Address 0xB7EB50E0
Hooked by: spgl.sys

NtEnumerateKey
Actual Address 0xB7ECDDA4
Hooked by: spgl.sys

NtEnumerateValueKey
Actual Address 0xB7ECE132
Hooked by: spgl.sys

NtOpenKey
Actual Address 0xB7EB50C0
Hooked by: spgl.sys

NtQueryKey
Actual Address 0xB7ECE20A
Hooked by: spgl.sys

NtQueryValueKey
Actual Address 0xB7ECE08A
Hooked by: spgl.sys

NtSetValueKey
Actual Address 0xB7ECE29C
Hooked by: spgl.sys

NtTerminateProcess
Actual Address 0xB350D654
Hooked by: C:\WINDOWS\system32\DRIVERS\PavProc.sys

NtTerminateThread
Actual Address 0xB350CC2E
Hooked by: C:\WINDOWS\system32\DRIVERS\PavProc.sys

-

Hello.
Please delete the copy of Combofix you have now, then re-download it and run this new script.

1. Close any open browsers.
   
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
3. Open notepad and copy/paste the text in the quotebox below into it:
   

   Code:

   
FCopy::
C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys | C:\WINDOWS\system32\drivers\atapi.sys

   
   
4. Save this as CFScript.txt, in the same location as ComboFix.exe
   
   
   
   
5. Referring to the picture above, drag CFScript into ComboFix.exe
   
6. When finished, it shall produce a log for you at C:\ComboFix.txt
   
7. Please post the contents of the log in your next reply.
   

ComboFix 10-04-20.01 - User 21/04/2010 12:15:31.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1253.30.1032.18.3070.2573 [GMT 3:00]
Running from: c:\documents and settings\User\Επιφάνεια εργασίας\Combo-Fix.exe
Command switches used :: c:\documents and settings\User\Επιφάνεια εργασίας\CFScript.txt.txt
AV: Panda Global Protection 2010 *On-access scanning disabled* (Updated) {8BF935E7-731F-4115-B7A5-789FF5087595}
FW: Panda Personal Firewall 2010 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2010-03-21 to 2010-04-21 )))))))))))))))))))))))))))))))
.

2010-04-19 18:35 . 2010-04-19 18:48 -------- d-----w- C:\Combo-Fix17504C
2010-04-18 11:13 . 2010-04-18 11:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion
2010-04-18 08:49 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-17 12:11 . 2010-04-17 12:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-04-17 12:10 . 2010-04-19 15:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TSVNCache
2010-04-15 13:10 . 2010-03-29 21:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-15 13:10 . 2010-04-15 13:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-15 13:10 . 2010-03-29 21:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-15 12:12 . 2010-04-15 12:12 -------- d-----w- c:\program files\Advanced Attitude Software
2010-04-14 13:42 . 2010-04-14 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Deskshare
2010-04-14 13:38 . 2010-04-14 13:39 -------- d-----w- c:\windows\XSxS
2010-04-14 13:38 . 2010-04-14 13:38 -------- d-----w- c:\program files\Xenocode
2010-04-14 13:38 . 2010-04-14 13:38 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Xenocode
2010-04-14 13:31 . 2010-04-14 13:31 -------- d-----w- c:\program files\Common Files\Deskshare Shared
2010-04-14 13:31 . 2010-04-14 13:31 -------- d-----w- c:\program files\Deskshare
2010-04-14 11:43 . 2010-04-14 11:43 -------- d-----w- C:\_OTL
2010-04-12 14:43 . 2005-02-14 07:57 32768 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\Sony Ericsson PC Suite\LiveUpdate\Temp\CleanBuild.exe
2010-04-10 21:20 . 2010-04-11 13:30 -------- d-----w- c:\program files\TombRaiderAOD
2010-04-09 20:49 . 2010-04-09 20:50 503808 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-748fd146-n\msvcp71.dll
2010-04-09 20:49 . 2010-04-09 20:49 499712 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-748fd146-n\jmc.dll
2010-04-09 20:49 . 2010-04-09 20:49 348160 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-748fd146-n\msvcr71.dll
2010-04-09 20:49 . 2010-04-09 20:49 61440 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-28638271-n\decora-sse.dll
2010-04-09 20:49 . 2010-04-09 20:49 12800 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-28638271-n\decora-d3d.dll
2010-04-09 20:48 . 2010-04-09 20:48 -------- d-----w- c:\program files\Common Files\Java
2010-04-07 11:14 . 2010-01-30 07:48 266552 ----a-w- c:\windows\system32\HMIPCore.dll
2010-04-07 11:10 . 2010-04-07 11:13 -------- d-----w- c:\documents and settings\User\Application Data\Hide IP NG
2010-03-30 15:01 . 2010-03-30 15:01 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-03-29 15:44 . 2010-02-03 12:56 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-03-25 14:30 . 2010-03-25 14:30 -------- d-----w- c:\program files\Rockstar Games
2010-03-25 13:18 . 2010-03-25 13:18 -------- d-----w- c:\documents and settings\User\Application Data\SmartFTP
2010-03-25 13:18 . 2010-03-25 13:18 -------- d-----w- c:\program files\SmartFTP Client
2010-03-25 13:18 . 2010-03-25 13:18 -------- d-----w- c:\program files\SmartFTP Client 4.0 Setup Files
2010-03-24 08:04 . 2010-03-24 18:17 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\8028\AdobeARM.exe
2010-03-24 08:04 . 2010-03-24 18:17 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\8028\AdobeExtractFiles.dll
2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\8028\ReaderUpdater.exe
2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\8028\AcrobatUpdater.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 09:16 . 2009-10-28 13:54 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2010-04-21 09:16 . 2009-10-28 13:54 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2010-04-21 09:16 . 2009-10-15 20:19 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2010-04-21 09:14 . 2009-10-28 13:54 343712 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2010-04-21 09:14 . 2009-10-28 13:54 343712 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-04-20 21:02 . 2008-01-10 13:44 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-13 13:55 . 2008-01-14 15:58 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2010-04-11 19:37 . 2008-01-10 21:17 -------- d-----w- c:\program files\LimeWire
2010-04-09 20:47 . 2008-01-10 10:51 -------- d-----w- c:\program files\Java
2010-04-06 11:11 . 2006-05-15 16:27 96688 ----a-w- c:\windows\system32\perfc008.dat
2010-04-06 11:11 . 2006-05-15 16:27 554772 ----a-w- c:\windows\system32\perfh008.dat
2010-03-12 14:08 . 2009-02-06 13:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-11 16:50 . 2009-02-09 12:01 -------- d-----w- c:\documents and settings\User\Application Data\Recruitment Viewer
2010-03-11 12:33 . 2004-09-04 13:45 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:33 . 2004-09-04 13:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:33 . 2004-09-04 13:45 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:10 . 2004-09-04 13:45 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 01:28 . 2009-02-09 18:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-02 12:17 . 2008-01-10 10:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-01 11:47 . 2010-02-27 10:42 -------- d-----w- c:\program files\Capcom
2010-02-27 10:39 . 2010-02-27 10:38 -------- d-----w- c:\program files\MagicDisc
2010-02-24 13:11 . 2004-08-04 06:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 15:03 . 2008-01-14 20:26 66512 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-18 15:15 . 2010-02-18 15:15 65536 ----a-w- c:\windows\system32\GDPersns.dat
2010-02-18 15:14 . 2010-02-18 15:14 90112 ----a-w- c:\windows\system32\Dversion.dll
2010-02-18 15:14 . 2010-02-18 15:14 126976 ----a-w- c:\windows\system32\DVC.dll
2010-02-18 14:07 . 2010-02-18 14:07 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-18 14:07 . 2009-11-08 20:35 79488 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-17 11:06 . 2004-09-04 13:41 2196992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:06 . 2006-03-02 09:00 2073856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 12:53 . 2010-02-12 12:51 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-02-12 04:34 . 2004-09-04 13:44 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 06:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-27 14:10 . 2009-09-25 16:12 611640 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-03-20 10:24 . 2008-03-20 10:22 24 --sha-w- c:\windows\S3201ED5C.tmp
.

((((((((((((((((((((((((((((( SnapShot@2010-04-19_18.45.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 05:59 . 2004-08-04 05:59 95360 c:\windows\system32\dllcache\atapi.sys
+ 2009-12-21 17:09 . 2009-12-21 17:09 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\ViewerPS.dll
+ 2009-12-21 22:57 . 2009-12-21 22:57 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\reader_sl.exe
+ 2009-12-21 17:02 . 2009-12-21 17:02 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlr.dll
+ 2009-12-21 20:21 . 2009-12-21 20:21 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\eula.exe
+ 2009-12-21 20:37 . 2009-12-21 20:37 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrotextextractor.exe
+ 2009-12-21 15:39 . 2009-12-21 15:39 15288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32Info.exe
+ 2009-12-21 15:27 . 2009-12-21 15:27 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acroiehelpershim.dll
+ 2009-12-21 15:27 . 2009-12-21 15:27 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroIEHelper.dll
+ 2009-12-21 15:35 . 2009-12-21 15:35 378264 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\pdfshell.dll
+ 2009-12-21 17:05 . 2009-12-21 17:05 116168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlrShim.exe
+ 2009-12-21 15:34 . 2009-12-21 15:34 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\nppdf32.dll
+ 2009-11-09 16:18 . 2009-11-09 16:18 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\JP2KLib.dll
+ 2009-12-21 17:02 . 2009-12-21 17:02 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AdobeCollabSync.exe
+ 2009-12-21 15:43 . 2009-12-21 15:43 120240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRdIF.dll
+ 2009-12-21 22:57 . 2009-12-21 22:57 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.exe
+ 2009-12-21 15:15 . 2009-12-21 15:15 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroPDF.dll
+ 2009-12-21 16:32 . 2009-12-21 16:32 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobroker.exe
+ 2009-12-21 16:15 . 2009-12-21 16:15 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\a3dutility.exe
+ 2010-04-20 21:03 . 2010-04-20 21:03 3940352 c:\windows\Installer\cefdc2.msi
+ 2009-12-21 15:29 . 2009-12-21 15:29 2409880 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\rt3d.dll
+ 2009-10-27 17:34 . 2009-10-27 17:34 5009408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\authplay.dll
+ 2009-12-21 20:31 . 2009-12-21 20:31 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AGM.dll
+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\cefe66.msp
+ 2009-12-21 20:21 . 2009-12-21 20:21 20436408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 397312]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-08-07 331288]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-10 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-04 267048]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-27 593920]
"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2010\APVXDWIN.EXE" [2009-06-05 574720]
"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2010\Inicio.exe" [2009-04-21 56064]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"GameDrive"="c:\program files\FarStone\GameDrive\GDP\GDTask.exe" [2006-07-21 167936]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\User\Start Menu\¨¦š¨α££˜«˜\„΅΅ε¤žž\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-2-27 576000]

c:\documents and settings\All Users\Start Menu\¨¦š¨α££˜«˜\„΅΅ε¤žž\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-3-7 131072]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-5-23 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 13:58 58672 ----a-w- c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Documents and Settings\\User\\Επιφάνεια εργασίας\\Guns 'N' Roses\\uTorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 FGXSCSI;FGXSCSI;c:\windows\system32\drivers\fgxscsi.sys [18/2/2010 6:15 μμ 71680]
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [5/4/2009 4:23 μμ 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [15/10/2009 11:13 μμ 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [15/10/2009 11:14 μμ 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [15/10/2009 11:13 μμ 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [15/10/2009 11:14 μμ 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [15/10/2009 11:13 μμ 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [15/10/2009 11:02 μμ 41144]
R1 SSHDRV79;SSHDRV79;c:\windows\system32\drivers\SSHDRV79.sys [28/10/2009 4:54 μμ 75264]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [1/12/2009 3:30 μμ 78848]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [15/10/2009 11:14 μμ 46720]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30/3/2010 11:16 πμ 1107336]
R2 INFOlearn_admin_srv;INFOlearn Admin Service;c:\windows\system32\infolearnasrv.exe [6/10/2006 8:35 μμ 49152]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [15/10/2009 11:02 μμ 177416]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [10/1/2008 1:54 μμ 540184]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Global Protection 2010\psksvc.exe [15/10/2009 11:13 μμ 28928]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [15/10/2009 11:19 μμ 13880]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [15/10/2009 11:13 μμ 197888]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21/5/2008 5:03 μμ 691696]
S1 SSHDRV65;SSHDRV65;\??\c:\windows\system32\drivers\SSHDRV65.sys --> c:\windows\system32\drivers\SSHDRV65.sys [?]
S3 P1130VID;Creative WebCam NX Pro;c:\windows\system32\drivers\P1130Vid.sys [4/2/2008 5:25 μμ 90357]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [30/6/2009 9:32 μμ 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [30/6/2009 9:32 μμ 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [30/6/2009 9:32 μμ 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [30/6/2009 9:32 μμ 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [30/6/2009 9:32 μμ 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [30/6/2009 9:32 μμ 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [30/6/2009 9:32 μμ 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [30/6/2009 9:32 μμ 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [30/6/2009 9:32 μμ 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [30/6/2009 9:32 μμ 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [30/6/2009 9:32 μμ 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [30/6/2009 9:32 μμ 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [30/6/2009 9:32 μμ 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [30/6/2009 9:32 μμ 117672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv
.
Contents of the 'Scheduled Tasks' folder

2010-04-21 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 12:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toggle.com/en/index.php?rvs=hompag&d=79919281
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
IE: Download the &current page with Offline Explorer - file://c:\program files\Offline Explorer\Add_AllO.htm
IE: Download using Offline &Explorer - file://c:\program files\Offline Explorer\Add_UrlO.htm
IE: Ε&ξαγωγή στο Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\cu6zhwsp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.gr
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-21 12:22
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4160596134-3961019470-752118726-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4160596134-3961019470-752118726-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:16,10,41,ed,64,3d,77,f2,44,9e,32,86,e1,f1,8f,c6,19,aa,b3,67,76,a2,d2,
73,61,f4,91,60,e8,8e,09,5d,f5,db,35,bd,f1,b2,26,dc,8a,86,20,0e,c9,1e,4f,98,\
"??"=hex:c2,59,d1,1c,d4,d2,90,9f,4a,b4,64,fe,e2,10,24,81

[HKEY_USERS\S-1-5-21-4160596134-3961019470-752118726-1005\Software\SecuROM\License information*]
"datasecu"=hex:4e,10,57,e3,ee,b9,10,cd,ed,b0,f4,0a,39,5b,5d,c4,f4,5c,f9,8d,eb,
25,1d,10,c6,8f,ff,9b,72,ca,0a,32,3c,29,20,a5,3a,7e,00,95,4e,90,cb,5d,c2,27,\
"rkeysecu"=hex:8b,a4,d9,a9,1b,8f,88,92,bf,ca,aa,f3,89,e8,18,92
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1320)
c:\windows\system32\avldr.dll
.
Completion time: 2010-04-21 12:24:31
ComboFix-quarantined-files.txt 2010-04-21 09:24
ComboFix2.txt 2010-04-19 19:12
ComboFix3.txt 2010-04-19 18:48
ComboFix4.txt 2010-04-16 10:10

Pre-Run: 28 Κατάλογοι 59.637.858.304 διαθέσιμα byte
Post-Run: 29 Κατάλογοι 59.609.624.576 διαθέσιμα byte

- - End Of File - - FAAD2D2BCAAE24D4CD9B05513F1BE38C

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

Yes, it seems ok for now, I'll test it for a couple of days and answer you back.

Thanks very much though

2 days now and it seems perfect. Consider it as solved

Thanks again!

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

• Check (tick) this box: YES, I accept the Terms of Use.
  
• Click on the Start button next to it.
  
• When prompted to run ActiveX. click Yes.
  
• You will be asked to install an ActiveX. Click Install.
  
• Once installed, the scanner will be initialized.
  
• After the scanner is initialized, click Start.
  
• Check (tick) Remove found threats box.
  
• Check (tick) Scan unwanted applications.
  
• Click on Scan.
  
• It will start scanning. Please be patient.
  
• Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.