WiredWX Christian Hobby Weather Tools

TR/Crypt.XPACK.Gen problem and pc running slow

I recently downloaded what must have been a dodgy piece of software, and now the PC runs slow and it seems to have slowed the network down with this PC on.
After running Avira Personal I get the following problem - TR/Crypt.XPACK.Gen, but still have a problem.

Re: TR/Crypt.XPACK.Gen problem and pc running slow

I also have tr/vundo.gen

Re: TR/Crypt.XPACK.Gen problem and pc running slow

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: TR/Crypt.XPACK.Gen problem and pc running slow

DDS (Ver_09-05-14.01) - NTFSx86
Run by XP at 17:31:28.14 on 01/06/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.599 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\zFTPServer\zFTPServer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\zFTPServer Administration\zFTPServerAdmin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\XP\Local Settings\Temporary Internet Files\Content.IE5\024HTAY9\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
BHO: {41e886d7-9c01-36bc-c8a0-14a40c7714b1} - c:\windows\ofoxozab.dll
BHO: c:\windows\system32\hsf73ikmdf3f.dll: {b2ba40a2-74f3-42bd-f434-2604812c8954} - c:\windows\system32\hsf73ikmdf3f.dll
BHO: {f98e963e-dca6-45eb-baf5-289744a0cba5} - c:\windows\system32\polapoho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [labohamizu] Rundll32.exe "c:\windows\system32\rimomuzo.dll",s
mRun: [CPM7fb648e5] Rundll32.exe "c:\windows\system32\vehefutu.dll",a
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Lpoqen] rundll32.exe "c:\windows\ofoxozab.dll",e
dRun: [InetChk] c:\windows\temp\ms1238828369.exe work
StartupFolder: c:\docume~1\xp\startm~1\programs\startup\zftpse~1.lnk - c:\program files\zftpserver administration\zFTPServerAdmin.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} - hxxp://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
TCP: {1C193306-E038-4D0D-9FA1-EDC434BF9BC3} = 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\mikasova.dll c:\windows\system32\nimiwoga.dll c:\windows\system32\numonuji.dll c:\windows\system32\loganoye.dll c:\windows\system32\vehefutu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vehefutu.dll
STS: c:\windows\system32\hsf73ikmdf3f.dll: {b2ba40a2-74f3-42bd-f434-2604812c8954} - c:\windows\system32\hsf73ikmdf3f.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\vehefutu.dll
LSA: Notification Packages = scecli c:\windows\system32\mikasova.dll wsrisx40.dll c:\windows\system32\loganoye.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-14 11608]
R2 antivirschedulerservice;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-14 108289]
R2 antivirservice;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-14 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-14 55640]
R2 zFTPSvc;zFTPServer;c:\program files\zftpserver\zFTPServer.exe [2008-3-9 2222080]
R3 FIXUSTOR;FIXUSTOR;c:\windows\system32\drivers\fixustor.sys [2008-3-9 12416]

=============== Created Last 30 ================


==================== Find3M ====================

2009-06-01 17:31 104,558 a------- c:\windows\system32\drivers\f26f6ffa.sys
2009-04-28 21:28 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-04-07 21:27 15,004 a------- c:\windows\system32\ovfsthsybrmtuddpvpvmxdrfkxidgnysfnygaw.dat
2009-04-07 21:18 0 a------- C:\ovmhmkie.exe
2009-04-07 21:18 0 a------- C:\onspqrnk.exe
2009-04-07 21:17 0 a------- C:\fkajlvl.exe
2009-04-07 21:17 27,136 a------- C:\qunxkv.exe
2009-03-05 10:38 71,680 a------- c:\windows\ST5UNST.EXE
2008-06-22 20:55 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008062220080623\index.dat

============= FINISH: 17:31:49.98 ===============

Re: TR/Crypt.XPACK.Gen problem and pc running slow

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Image: CF_download_FF]

    [Image: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV. (Avira)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [Image: Rcauto10]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan. Select Yes.

    [Image: Whatne10]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: TR/Crypt.XPACK.Gen problem and pc running slow

ComboFix 09-05-31.06 - XP 01/06/2009 17:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.670 [GMT 1:00]
Running from: c:\documents and settings\XP\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Cache
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\ovfsthsybrmtuddpvpvmxdrfkxidgnysfnygaw.dat
c:\windows\system32\ovfsthuglwragdvpdootbecfukwjitxepbobxg.dat
c:\windows\wsrisx40.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthrjlkmotoqbitqlbfuwpuwswuigwwunxe


((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 16:50 . 2009-04-07 20:17 104558 ----a-w- c:\windows\system32\drivers\f26f6ffa.sys
2009-06-01 16:19 . 2008-01-16 19:18 -------- d-----w- c:\program files\DynDNS Updater
2009-04-28 20:28 . 2009-04-14 21:41 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-04-28 20:28 . 2009-04-14 21:41 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-14 21:41 . 2009-04-14 21:41 -------- d-----w- c:\program files\Avira
2009-04-14 21:41 . 2009-04-14 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-04-14 21:16 . 2009-04-07 20:37 16 ----a-w- c:\windows\Ddijifasoc.bin
2009-04-14 21:16 . 2009-04-07 20:37 1420 ----a-w- c:\windows\Qmeyejabiv.dat
2009-04-14 17:39 . 2008-03-10 19:51 -------- d-----w- c:\program files\Common Files\Adobe
2009-04-07 20:18 . 2009-04-07 20:18 0 ----a-w- C:\ovmhmkie.exe
2009-04-07 20:18 . 2009-04-07 20:18 0 ----a-w- C:\onspqrnk.exe
2009-04-07 20:17 . 2009-04-07 20:17 0 ----a-w- C:\fkajlvl.exe
2009-04-07 20:17 . 2009-04-07 20:17 27136 ----a-w- C:\qunxkv.exe
2009-04-04 07:14 . 2008-03-09 19:17 -------- d-----w- c:\documents and settings\XP\Application Data\BitTorrent
2009-04-03 17:28 . 2008-12-02 22:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-04-03 11:00 . 2009-04-02 18:55 -------- d-----w- c:\documents and settings\XP\Application Data\nidle
2009-03-05 09:38 . 1997-01-16 00:00 71680 ----a-w- c:\windows\ST5UNST.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlay1EXL600]
@="{BF9B13E4-FE9B-4121-853F-866F4E9E2830}"
[HKEY_CLASSES_ROOT\CLSID\{BF9B13E4-FE9B-4121-853F-866F4E9E2830}]
2007-06-23 02:03 598016 ----a-w- c:\windows\system32\FPAP-EXL600\FileptcIconOverlay.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\XP\Start Menu\Programs\Startup\
zFTPServer Administration.lnk - c:\program files\zFTPServer Administration\zFTPServerAdmin.exe [2008-3-9 4454400]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\WINDOWS\\system32\\inetsrv\\inetinfo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 antivirschedulerservice;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14/04/2009 22:41 108289]
R2 zFTPSvc;zFTPServer;c:\program files\zFTPServer\zFTPServer.exe [09/03/2008 18:14 2222080]
R3 FIXUSTOR;FIXUSTOR;c:\windows\system32\drivers\fixustor.sys [09/03/2008 13:12 12416]
.
- - - - ORPHANS REMOVED - - - -

BHO-{41e886d7-9c01-36bc-c8a0-14a40c7714b1} - c:\windows\ofoxozab.dll
BHO-{f98e963e-dca6-45eb-baf5-289744a0cba5} - c:\windows\system32\polapoho.dll
HKLM-Run-labohamizu - c:\windows\system32\rimomuzo.dll
HKLM-Run-CPM7fb648e5 - c:\windows\system32\vehefutu.dll
HKLM-Run-Lpoqen - c:\windows\ofoxozab.dll
SafeBoot-procexp90.sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
TCP: {1C193306-E038-4D0D-9FA1-EDC434BF9BC3} = 192.168.1.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-01 17:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\f26f6ffa]
"ImagePath"="\SystemRoot\System32\drivers\f26f6ffa.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1884)
c:\windows\system32\FPAP-EXL600\FileptcIconOverlay.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\system32\UTSCSI.EXE
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\program files\DynDNS Updater\DynDNS.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-01 17:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-01 16:52

Pre-Run: 88,373,665,792 bytes free
Post-Run: 88,400,478,208 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

137 --- E O F --- 2009-03-17 08:31

Re: TR/Crypt.XPACK.Gen problem and pc running slow

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
f26f6ffa

File::
c:\windows\system32\drivers\f26f6ffa.sys
c:\windows\Ddijifasoc.bin
c:\windows\Qmeyejabiv.dat
C:\ovmhmkie.exe
C:\onspqrnk.exe
C:\fkajlvl.exe
C:\qunxkv.exe

Folder::
c:\documents and settings\XP\Application Data\DNA
c:\documents and settings\XP\Application Data\BitTorrent
c:\Program Files\DNA
c:\Program Files\BitTorrent

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DNA\\btdna.exe"=-
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\f26f6ffa]


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[Image: Sfxdaw]

This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

Re: TR/Crypt.XPACK.Gen problem and pc running slow

ComboFix 09-05-31.06 - XP 01/06/2009 18:05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.690 [GMT 1:00]
Running from: c:\documents and settings\XP\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\XP\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"C:\fkajlvl.exe"
"C:\onspqrnk.exe"
"C:\ovmhmkie.exe"
"C:\qunxkv.exe"
"c:\windows\Ddijifasoc.bin"
"c:\windows\Qmeyejabiv.dat"
"c:\windows\system32\drivers\f26f6ffa.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\XP\Application Data\BitTorrent
C:\fkajlvl.exe
C:\onspqrnk.exe
C:\ovmhmkie.exe
c:\program files\BitTorrent
c:\program files\BitTorrent\8642-bittorrent.8bc1.dmp
c:\program files\BitTorrent\8642-bittorrent.a608.dmp
c:\program files\BitTorrent\8642-bittorrent.e325.dmp
c:\program files\BitTorrent\bittorrent.exe
c:\program files\BitTorrent\BitTorrentIE.2.dll
c:\program files\BitTorrent\uninst.exe
c:\program files\DNA
c:\program files\DNA\btdna.exe
C:\qunxkv.exe
c:\windows\Ddijifasoc.bin
c:\windows\Qmeyejabiv.dat
c:\windows\system32\drivers\f26f6ffa.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

Re: TR/Crypt.XPACK.Gen problem and pc running slow

.

-------\Service_f26f6ffa


((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 16:19 . 2008-01-16 19:18 -------- d-----w- c:\program files\DynDNS Updater
2009-04-28 20:28 . 2009-04-14 21:41 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-04-28 20:28 . 2009-04-14 21:41 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-14 21:41 . 2009-04-14 21:41 -------- d-----w- c:\program files\Avira
2009-04-14 21:41 . 2009-04-14 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-04-14 17:39 . 2008-03-10 19:51 -------- d-----w- c:\program files\Common Files\Adobe
2009-04-03 17:28 . 2008-12-02 22:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-04-03 11:00 . 2009-04-02 18:55 -------- d-----w- c:\documents and settings\XP\Application Data\nidle
2009-03-05 09:38 . 1997-01-16 00:00 71680 ----a-w- c:\windows\ST5UNST.EXE
.

((((((((((((((((((((((((((((( SnapShot@2009-06-01_16.50.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-25 18:44 . 2009-06-01 17:06 169881 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlay1EXL600]
@="{BF9B13E4-FE9B-4121-853F-866F4E9E2830}"
[HKEY_CLASSES_ROOT\CLSID\{BF9B13E4-FE9B-4121-853F-866F4E9E2830}]
2007-06-23 02:03 598016 ----a-w- c:\windows\system32\FPAP-EXL600\FileptcIconOverlay.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\XP\Start Menu\Programs\Startup\
zFTPServer Administration.lnk - c:\program files\zFTPServer Administration\zFTPServerAdmin.exe [2008-3-9 4454400]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\WINDOWS\\system32\\inetsrv\\inetinfo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 antivirschedulerservice;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14/04/2009 22:41 108289]
R2 zFTPSvc;zFTPServer;c:\program files\zFTPServer\zFTPServer.exe [09/03/2008 18:14 2222080]
R3 FIXUSTOR;FIXUSTOR;c:\windows\system32\drivers\fixustor.sys [09/03/2008 13:12 12416]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
TCP: {1C193306-E038-4D0D-9FA1-EDC434BF9BC3} = 192.168.1.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-01 18:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(588)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3732)
c:\windows\system32\FPAP-EXL600\FileptcIconOverlay.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\system32\UTSCSI.EXE
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\program files\DynDNS Updater\DynDNS.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-01 18:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-01 17:10
ComboFix2.txt 2009-06-01 16:52

Pre-Run: 88,413,949,952 bytes free
Post-Run: 88,403,681,280 bytes free

246 --- E O F --- 2009-03-17 08:31

Re: TR/Crypt.XPACK.Gen problem and pc running slow
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u


This will also reset your restore points.

How is the machine running now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: TR/Crypt.XPACK.Gen problem and pc running slow
All seems a lot faster, web pages loading at normal speed. I will keep trying it, thank you very much.

Re: TR/Crypt.XPACK.Gen problem and pc running slow
Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or Outpost.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
