Internet lags, is it a virus?

-

Hello.
Please delete the copy of Combofix you have now, then re-download it and run this new script.

1. Close any open browsers.
   
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
3. Open notepad and copy/paste the text in the quotebox below into it:
   

   Code:

   
FCopy::
C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys | C:\WINDOWS\system32\drivers\atapi.sys

   
   
4. Save this as CFScript.txt, in the same location as ComboFix.exe
   
   
   
   
5. Referring to the picture above, drag CFScript into ComboFix.exe
   
6. When finished, it shall produce a log for you at C:\ComboFix.txt
   
7. Please post the contents of the log in your next reply.
   

ComboFix 10-04-20.01 - User 21/04/2010 12:15:31.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1253.30.1032.18.3070.2573 [GMT 3:00]
Running from: c:\documents and settings\User\Επιφάνεια εργασίας\Combo-Fix.exe
Command switches used :: c:\documents and settings\User\Επιφάνεια εργασίας\CFScript.txt.txt
AV: Panda Global Protection 2010 *On-access scanning disabled* (Updated) {8BF935E7-731F-4115-B7A5-789FF5087595}
FW: Panda Personal Firewall 2010 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2010-03-21 to 2010-04-21 )))))))))))))))))))))))))))))))
.

2010-04-19 18:35 . 2010-04-19 18:48 -------- d-----w- C:\Combo-Fix17504C
2010-04-18 11:13 . 2010-04-18 11:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion
2010-04-18 08:49 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-17 12:11 . 2010-04-17 12:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-04-17 12:10 . 2010-04-19 15:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TSVNCache
2010-04-15 13:10 . 2010-03-29 21:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-15 13:10 . 2010-04-15 13:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-15 13:10 . 2010-03-29 21:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-15 12:12 . 2010-04-15 12:12 -------- d-----w- c:\program files\Advanced Attitude Software
2010-04-14 13:42 . 2010-04-14 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Deskshare
2010-04-14 13:38 . 2010-04-14 13:39 -------- d-----w- c:\windows\XSxS
2010-04-14 13:38 . 2010-04-14 13:38 -------- d-----w- c:\program files\Xenocode
2010-04-14 13:38 . 2010-04-14 13:38 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Xenocode
2010-04-14 13:31 . 2010-04-14 13:31 -------- d-----w- c:\program files\Common Files\Deskshare Shared
2010-04-14 13:31 . 2010-04-14 13:31 -------- d-----w- c:\program files\Deskshare
2010-04-14 11:43 . 2010-04-14 11:43 -------- d-----w- C:\_OTL
2010-04-12 14:43 . 2005-02-14 07:57 32768 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\Sony Ericsson PC Suite\LiveUpdate\Temp\CleanBuild.exe
2010-04-10 21:20 . 2010-04-11 13:30 -------- d-----w- c:\program files\TombRaiderAOD
2010-04-09 20:49 . 2010-04-09 20:50 503808 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-748fd146-n\msvcp71.dll
2010-04-09 20:49 . 2010-04-09 20:49 499712 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-748fd146-n\jmc.dll
2010-04-09 20:49 . 2010-04-09 20:49 348160 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-748fd146-n\msvcr71.dll
2010-04-09 20:49 . 2010-04-09 20:49 61440 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-28638271-n\decora-sse.dll
2010-04-09 20:49 . 2010-04-09 20:49 12800 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-28638271-n\decora-d3d.dll
2010-04-09 20:48 . 2010-04-09 20:48 -------- d-----w- c:\program files\Common Files\Java
2010-04-07 11:14 . 2010-01-30 07:48 266552 ----a-w- c:\windows\system32\HMIPCore.dll
2010-04-07 11:10 . 2010-04-07 11:13 -------- d-----w- c:\documents and settings\User\Application Data\Hide IP NG
2010-03-30 15:01 . 2010-03-30 15:01 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-03-29 15:44 . 2010-02-03 12:56 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-03-25 14:30 . 2010-03-25 14:30 -------- d-----w- c:\program files\Rockstar Games
2010-03-25 13:18 . 2010-03-25 13:18 -------- d-----w- c:\documents and settings\User\Application Data\SmartFTP
2010-03-25 13:18 . 2010-03-25 13:18 -------- d-----w- c:\program files\SmartFTP Client
2010-03-25 13:18 . 2010-03-25 13:18 -------- d-----w- c:\program files\SmartFTP Client 4.0 Setup Files
2010-03-24 08:04 . 2010-03-24 18:17 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\8028\AdobeARM.exe
2010-03-24 08:04 . 2010-03-24 18:17 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\8028\AdobeExtractFiles.dll
2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\8028\ReaderUpdater.exe
2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\8028\AcrobatUpdater.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 09:16 . 2009-10-28 13:54 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2010-04-21 09:16 . 2009-10-28 13:54 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2010-04-21 09:16 . 2009-10-15 20:19 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2010-04-21 09:14 . 2009-10-28 13:54 343712 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2010-04-21 09:14 . 2009-10-28 13:54 343712 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-04-20 21:02 . 2008-01-10 13:44 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-13 13:55 . 2008-01-14 15:58 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2010-04-11 19:37 . 2008-01-10 21:17 -------- d-----w- c:\program files\LimeWire
2010-04-09 20:47 . 2008-01-10 10:51 -------- d-----w- c:\program files\Java
2010-04-06 11:11 . 2006-05-15 16:27 96688 ----a-w- c:\windows\system32\perfc008.dat
2010-04-06 11:11 . 2006-05-15 16:27 554772 ----a-w- c:\windows\system32\perfh008.dat
2010-03-12 14:08 . 2009-02-06 13:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-11 16:50 . 2009-02-09 12:01 -------- d-----w- c:\documents and settings\User\Application Data\Recruitment Viewer
2010-03-11 12:33 . 2004-09-04 13:45 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:33 . 2004-09-04 13:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:33 . 2004-09-04 13:45 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:10 . 2004-09-04 13:45 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 01:28 . 2009-02-09 18:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-02 12:17 . 2008-01-10 10:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-01 11:47 . 2010-02-27 10:42 -------- d-----w- c:\program files\Capcom
2010-02-27 10:39 . 2010-02-27 10:38 -------- d-----w- c:\program files\MagicDisc
2010-02-24 13:11 . 2004-08-04 06:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 15:03 . 2008-01-14 20:26 66512 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-18 15:15 . 2010-02-18 15:15 65536 ----a-w- c:\windows\system32\GDPersns.dat
2010-02-18 15:14 . 2010-02-18 15:14 90112 ----a-w- c:\windows\system32\Dversion.dll
2010-02-18 15:14 . 2010-02-18 15:14 126976 ----a-w- c:\windows\system32\DVC.dll
2010-02-18 14:07 . 2010-02-18 14:07 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-18 14:07 . 2009-11-08 20:35 79488 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-17 11:06 . 2004-09-04 13:41 2196992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:06 . 2006-03-02 09:00 2073856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 12:53 . 2010-02-12 12:51 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-02-12 04:34 . 2004-09-04 13:44 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 06:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-27 14:10 . 2009-09-25 16:12 611640 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-03-20 10:24 . 2008-03-20 10:22 24 --sha-w- c:\windows\S3201ED5C.tmp
.

((((((((((((((((((((((((((((( SnapShot@2010-04-19_18.45.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 05:59 . 2004-08-04 05:59 95360 c:\windows\system32\dllcache\atapi.sys
+ 2009-12-21 17:09 . 2009-12-21 17:09 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\ViewerPS.dll
+ 2009-12-21 22:57 . 2009-12-21 22:57 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\reader_sl.exe
+ 2009-12-21 17:02 . 2009-12-21 17:02 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlr.dll
+ 2009-12-21 20:21 . 2009-12-21 20:21 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\eula.exe
+ 2009-12-21 20:37 . 2009-12-21 20:37 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrotextextractor.exe
+ 2009-12-21 15:39 . 2009-12-21 15:39 15288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32Info.exe
+ 2009-12-21 15:27 . 2009-12-21 15:27 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acroiehelpershim.dll
+ 2009-12-21 15:27 . 2009-12-21 15:27 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroIEHelper.dll
+ 2009-12-21 15:35 . 2009-12-21 15:35 378264 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\pdfshell.dll
+ 2009-12-21 17:05 . 2009-12-21 17:05 116168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlrShim.exe
+ 2009-12-21 15:34 . 2009-12-21 15:34 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\nppdf32.dll
+ 2009-11-09 16:18 . 2009-11-09 16:18 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\JP2KLib.dll
+ 2009-12-21 17:02 . 2009-12-21 17:02 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AdobeCollabSync.exe
+ 2009-12-21 15:43 . 2009-12-21 15:43 120240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRdIF.dll
+ 2009-12-21 22:57 . 2009-12-21 22:57 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.exe
+ 2009-12-21 15:15 . 2009-12-21 15:15 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroPDF.dll
+ 2009-12-21 16:32 . 2009-12-21 16:32 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobroker.exe
+ 2009-12-21 16:15 . 2009-12-21 16:15 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\a3dutility.exe
+ 2010-04-20 21:03 . 2010-04-20 21:03 3940352 c:\windows\Installer\cefdc2.msi
+ 2009-12-21 15:29 . 2009-12-21 15:29 2409880 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\rt3d.dll
+ 2009-10-27 17:34 . 2009-10-27 17:34 5009408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\authplay.dll
+ 2009-12-21 20:31 . 2009-12-21 20:31 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AGM.dll
+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\cefe66.msp
+ 2009-12-21 20:21 . 2009-12-21 20:21 20436408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 397312]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-08-07 331288]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-10 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-04 267048]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-27 593920]
"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2010\APVXDWIN.EXE" [2009-06-05 574720]
"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2010\Inicio.exe" [2009-04-21 56064]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"GameDrive"="c:\program files\FarStone\GameDrive\GDP\GDTask.exe" [2006-07-21 167936]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\User\Start Menu\¨¦š¨α££˜«˜\„΅΅ε¤žž\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-2-27 576000]

c:\documents and settings\All Users\Start Menu\¨¦š¨α££˜«˜\„΅΅ε¤žž\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-3-7 131072]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-5-23 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 13:58 58672 ----a-w- c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Documents and Settings\\User\\Επιφάνεια εργασίας\\Guns 'N' Roses\\uTorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 FGXSCSI;FGXSCSI;c:\windows\system32\drivers\fgxscsi.sys [18/2/2010 6:15 μμ 71680]
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [5/4/2009 4:23 μμ 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [15/10/2009 11:13 μμ 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [15/10/2009 11:14 μμ 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [15/10/2009 11:13 μμ 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [15/10/2009 11:14 μμ 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [15/10/2009 11:13 μμ 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [15/10/2009 11:02 μμ 41144]
R1 SSHDRV79;SSHDRV79;c:\windows\system32\drivers\SSHDRV79.sys [28/10/2009 4:54 μμ 75264]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [1/12/2009 3:30 μμ 78848]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [15/10/2009 11:14 μμ 46720]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30/3/2010 11:16 πμ 1107336]
R2 INFOlearn_admin_srv;INFOlearn Admin Service;c:\windows\system32\infolearnasrv.exe [6/10/2006 8:35 μμ 49152]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [15/10/2009 11:02 μμ 177416]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [10/1/2008 1:54 μμ 540184]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Global Protection 2010\psksvc.exe [15/10/2009 11:13 μμ 28928]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [15/10/2009 11:19 μμ 13880]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [15/10/2009 11:13 μμ 197888]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21/5/2008 5:03 μμ 691696]
S1 SSHDRV65;SSHDRV65;\??\c:\windows\system32\drivers\SSHDRV65.sys --> c:\windows\system32\drivers\SSHDRV65.sys [?]
S3 P1130VID;Creative WebCam NX Pro;c:\windows\system32\drivers\P1130Vid.sys [4/2/2008 5:25 μμ 90357]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [30/6/2009 9:32 μμ 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [30/6/2009 9:32 μμ 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [30/6/2009 9:32 μμ 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [30/6/2009 9:32 μμ 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [30/6/2009 9:32 μμ 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [30/6/2009 9:32 μμ 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [30/6/2009 9:32 μμ 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [30/6/2009 9:32 μμ 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [30/6/2009 9:32 μμ 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [30/6/2009 9:32 μμ 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [30/6/2009 9:32 μμ 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [30/6/2009 9:32 μμ 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [30/6/2009 9:32 μμ 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [30/6/2009 9:32 μμ 117672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv
.
Contents of the 'Scheduled Tasks' folder

2010-04-21 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 12:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toggle.com/en/index.php?rvs=hompag&d=79919281
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
IE: Download the &current page with Offline Explorer - file://c:\program files\Offline Explorer\Add_AllO.htm
IE: Download using Offline &Explorer - file://c:\program files\Offline Explorer\Add_UrlO.htm
IE: Ε&ξαγωγή στο Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\cu6zhwsp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.gr
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-21 12:22
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4160596134-3961019470-752118726-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4160596134-3961019470-752118726-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:16,10,41,ed,64,3d,77,f2,44,9e,32,86,e1,f1,8f,c6,19,aa,b3,67,76,a2,d2,
73,61,f4,91,60,e8,8e,09,5d,f5,db,35,bd,f1,b2,26,dc,8a,86,20,0e,c9,1e,4f,98,\
"??"=hex:c2,59,d1,1c,d4,d2,90,9f,4a,b4,64,fe,e2,10,24,81

[HKEY_USERS\S-1-5-21-4160596134-3961019470-752118726-1005\Software\SecuROM\License information*]
"datasecu"=hex:4e,10,57,e3,ee,b9,10,cd,ed,b0,f4,0a,39,5b,5d,c4,f4,5c,f9,8d,eb,
25,1d,10,c6,8f,ff,9b,72,ca,0a,32,3c,29,20,a5,3a,7e,00,95,4e,90,cb,5d,c2,27,\
"rkeysecu"=hex:8b,a4,d9,a9,1b,8f,88,92,bf,ca,aa,f3,89,e8,18,92
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1320)
c:\windows\system32\avldr.dll
.
Completion time: 2010-04-21 12:24:31
ComboFix-quarantined-files.txt 2010-04-21 09:24
ComboFix2.txt 2010-04-19 19:12
ComboFix3.txt 2010-04-19 18:48
ComboFix4.txt 2010-04-16 10:10

Pre-Run: 28 Κατάλογοι 59.637.858.304 διαθέσιμα byte
Post-Run: 29 Κατάλογοι 59.609.624.576 διαθέσιμα byte

- - End Of File - - FAAD2D2BCAAE24D4CD9B05513F1BE38C

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

Yes, it seems ok for now, I'll test it for a couple of days and answer you back.

Thanks very much though

2 days now and it seems perfect. Consider it as solved

Thanks again!

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

• Check (tick) this box: YES, I accept the Terms of Use.
  
• Click on the Start button next to it.
  
• When prompted to run ActiveX. click Yes.
  
• You will be asked to install an ActiveX. Click Install.
  
• Once installed, the scanner will be initialized.
  
• After the scanner is initialized, click Start.
  
• Check (tick) Remove found threats box.
  
• Check (tick) Scan unwanted applications.
  
• Click on Scan.
  
• It will start scanning. Please be patient.
  
• Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.