Thanks for getting back to me so quickly,
I did both those things and here are the reports:
The SDFix report:
SDFix: Version 1.136
Run by Hayward on 03/02/2008 at 21:03
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
srtwe
Path:
\??\C:\WINDOWS\system32\drivers\srtwe.sys
srtwe - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\877213~1 - Deleted
C:\Program Files\Helper\1201186989.dll - Deleted
C:\WINDOWS\system32\drivers\srtwe.sys - Deleted
C:\WINDOWS\system32\ntos.exe - Deleted
C:\WINDOWS\system32\wsnpoem\audio.dll - Deleted
C:\WINDOWS\system32\wsnpoem\video.dll - Deleted
Folder C:\Program Files\Helper - Removed
Folder C:\WINDOWS\system32\wsnpoem - Removed
Removing Temp Files...
ADS Check:
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-02-03 21:10:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:d9,95,ee,34,8c,35,91,b7,35,81,b6,0b,44,bb,51,7d,f3,16,08,08,7e,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d1,ed,38,24,5e,d7,79,a8,f1,7f,71,f9,4f,94,82,56,77,..
"khjeh"=hex:bc,9f,53,86,16,50,6f,e0,0f,f0,8c,17,ac,da,32,ad,c5,7e,7c,87,29,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d7,f9,8f,62,d6,6f,17,75,e7,ad,46,97,91,69,b5,ad,1d,00,5c,86,32,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:d9,95,ee,34,8c,35,91,b7,35,81,b6,0b,44,bb,51,7d,f3,16,08,08,7e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d1,ed,38,24,5e,d7,79,a8,f1,7f,71,f9,4f,94,82,56,77,..
"khjeh"=hex:bc,9f,53,86,16,50,6f,e0,0f,f0,8c,17,ac,da,32,ad,c5,7e,7c,87,29,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d7,f9,8f,62,d6,6f,17,75,e7,ad,46,97,91,69,b5,ad,1d,00,5c,86,32,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Steam\\steamapps\\hayward85\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\hayward85\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Documents and Settings\\Hayward\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Hayward\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Games\\RTW\\RomeTW.exe"="C:\\Games\\RTW\\RomeTW.exe:*:Enabled:Rome: Total War"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\WINDOWS\\system32\\ElectricSheep.scr"="C:\\WINDOWS\\system32\\ElectricSheep.scr:*:Enabled:ElectricSheep"
"C:\\Games\\crysis demo\\Bin32\\Crysis.exe"="C:\\Games\\crysis demo\\Bin32\\Crysis.exe:*:Enabled:Crysis_32_sp_demo"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Home Ftp Server\\HomeFtpServer.exe"="C:\\Program Files\\Home Ftp Server\\HomeFtpServer.exe:*:Enabled:Ftp Server Application"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Mon 23 May 2005 19,968 A..H. --- "C:\Documents and Settings\Hayward\My Documents\Uni Work\year 1\Concepts Revision\~WRL0001.tmp"
Sun 9 Nov 2003 197 A..H. --- "C:\Documents and Settings\Hayward\My Documents\My Music\Mp3 Library\Turntablism\Cut Chemist Meets Shortkut - live at the futureprimitive soundse\whistory.ini.bak"
Thu 8 Jan 2004 129 A..H. --- "C:\Documents and Settings\Hayward\My Documents\My Music\Mp3 Library\Nu Skool Breaks - Dub Step - Electro House\Eat Static\Eat Static - implant\whistory.ini.bak"
Mon 26 Apr 2004 132 A..H. --- "C:\Documents and Settings\Hayward\My Documents\My Music\Mp3 Library\Hiphop\DJ Muggs\dj muggs - muggs presents the soul assassins chapter i\Blu Rum 13 - vaguely familiar\whistory.ini.bak"
Finished!
The DSS report:
SDFix: Version 1.136
Run by Hayward on 03/02/2008 at 21:03
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
srtwe
Path:
\??\C:\WINDOWS\system32\drivers\srtwe.sys
srtwe - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\877213~1 - Deleted
C:\Program Files\Helper\1201186989.dll - Deleted
C:\WINDOWS\system32\drivers\srtwe.sys - Deleted
C:\WINDOWS\system32\ntos.exe - Deleted
C:\WINDOWS\system32\wsnpoem\audio.dll - Deleted
C:\WINDOWS\system32\wsnpoem\video.dll - Deleted
Folder C:\Program Files\Helper - Removed
Folder C:\WINDOWS\system32\wsnpoem - Removed
Removing Temp Files...
ADS Check:
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-02-03 21:10:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:d9,95,ee,34,8c,35,91,b7,35,81,b6,0b,44,bb,51,7d,f3,16,08,08,7e,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d1,ed,38,24,5e,d7,79,a8,f1,7f,71,f9,4f,94,82,56,77,..
"khjeh"=hex:bc,9f,53,86,16,50,6f,e0,0f,f0,8c,17,ac,da,32,ad,c5,7e,7c,87,29,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d7,f9,8f,62,d6,6f,17,75,e7,ad,46,97,91,69,b5,ad,1d,00,5c,86,32,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:d9,95,ee,34,8c,35,91,b7,35,81,b6,0b,44,bb,51,7d,f3,16,08,08,7e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d1,ed,38,24,5e,d7,79,a8,f1,7f,71,f9,4f,94,82,56,77,..
"khjeh"=hex:bc,9f,53,86,16,50,6f,e0,0f,f0,8c,17,ac,da,32,ad,c5,7e,7c,87,29,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d7,f9,8f,62,d6,6f,17,75,e7,ad,46,97,91,69,b5,ad,1d,00,5c,86,32,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Steam\\steamapps\\hayward85\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\hayward85\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Documents and Settings\\Hayward\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Hayward\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Games\\RTW\\RomeTW.exe"="C:\\Games\\RTW\\RomeTW.exe:*:Enabled:Rome: Total War"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\WINDOWS\\system32\\ElectricSheep.scr"="C:\\WINDOWS\\system32\\ElectricSheep.scr:*:Enabled:ElectricSheep"
"C:\\Games\\crysis demo\\Bin32\\Crysis.exe"="C:\\Games\\crysis demo\\Bin32\\Crysis.exe:*:Enabled:Crysis_32_sp_demo"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Home Ftp Server\\HomeFtpServer.exe"="C:\\Program Files\\Home Ftp Server\\HomeFtpServer.exe:*:Enabled:Ftp Server Application"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Mon 23 May 2005 19,968 A..H. --- "C:\Documents and Settings\Hayward\My Documents\Uni Work\year 1\Concepts Revision\~WRL0001.tmp"
Sun 9 Nov 2003 197 A..H. --- "C:\Documents and Settings\Hayward\My Documents\My Music\Mp3 Library\Turntablism\Cut Chemist Meets Shortkut - live at the futureprimitive soundse\whistory.ini.bak"
Thu 8 Jan 2004 129 A..H. --- "C:\Documents and Settings\Hayward\My Documents\My Music\Mp3 Library\Nu Skool Breaks - Dub Step - Electro House\Eat Static\Eat Static - implant\whistory.ini.bak"
Mon 26 Apr 2004 132 A..H. --- "C:\Documents and Settings\Hayward\My Documents\My Music\Mp3 Library\Hiphop\DJ Muggs\dj muggs - muggs presents the soul assassins chapter i\Blu Rum 13 - vaguely familiar\whistory.ini.bak"
Finished!
and then a Hijack this from after both:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:19:00, on 03/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Hayward\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co.uk/R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {08D2F66D-56D8-4ED4-9C6B-A4F1DC91A1F2} - C:\WINDOWS\system32\sstqn.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {F4982BAB-80E9-4838-A2A0-95D30F348161} - C:\WINDOWS\system32\jkkkijg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
--
End of file - 6009 bytes
It seems to have cleaned the logger.zbot.np but the symptoms remain, low speed, bandwidth traffic when online etc.
Thanks again