Author Topic: anyone knows how to remove Win32:Trojano-3160 [Trj] ?  (Read 4926 times)


xaintarus

  • Guest
anyone knows how to remove Win32:Trojano-3160 [Trj] ?
« on: January 15, 2006, 01:37:11 AM »
My OS is Win XP, and after my Norton OEM expired, I used AVAST 4.6 as recommended by my friends, and they detected a virus in CTFMON, I think... But now I keep getting avast telling me my CPU is infected with Win32:Trojano-3160 [Trj]. I move it to the chest but it keeps coming back. The changes I notice are that sometimes my homepage would change from Yahoo to another Chinese webpage, and sometimes the loading of the Yahoo webpage takes a long time. I do not know if there's any link between these incidents.

Below are the files in my chest:

12/2/2005 11:37:19 PM   Neo   1896   Sign of "Win32:Trojano-1780 [Trj]" has been found in "c:\windows\ctfmon.exe\[UPX]" file. 
12/2/2005 11:56:36 PM   Neo   132   Sign of "Win32:Trojano-1780 [Trj]" has been found in "C:\WINDOWS\ctfmon.exe\[UPX]" file. 
12/2/2005 11:57:43 PM   Neo   3852   Sign of "Win32:Trojano-1780 [Trj]" has been found in "c:\windows\ctfmon.exe\[UPX]" file. 
12/3/2005 12:00:45 AM   Neo   132   Sign of "Win32:Trojano-1780 [Trj]" has been found in "C:\Documents and Settings\Neo\Local Settings\Temp\_avast4_\unp19765251" file. 
12/3/2005 12:34:40 AM   Neo   132   Sign of "Win32:Trojano-1780 [Trj]" has been found in "C:\System Volume Information\_restore{D1EC2141-07DD-473E-A03D-B4BBF6F07F79}\RP79\A0017673.exe\[UPX]" file. 
12/5/2005 1:11:28 AM   SYSTEM   2012   Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142. 
12/5/2005 1:11:29 AM   SYSTEM   2012   An error has occured while attempting to update. Please check the logs. 
12/29/2005 6:28:22 PM   SYSTEM   1784   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\Program Files\Common Files\UPDATE\Update.exe" file. 
12/29/2005 6:29:59 PM   SYSTEM   1784   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\program files\common files\update\update.exe" file. 
12/29/2005 6:31:00 PM   Neo   2420   Sign of "Win32:Trojano-3160 [Trj]" has been found in "c:\program files\common files\update\update.exe" file. 
12/29/2005 6:34:05 PM   SYSTEM   1784   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\Program Files\Common Files\UPDATE\trzC0.tmp" file. 
12/29/2005 6:37:21 PM   SYSTEM   1784   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\System Volume Information\_restore{D1EC2141-07DD-473E-A03D-B4BBF6F07F79}\RP94\A0049149.exe" file. 
1/5/2006 7:11:47 PM   Neo   1524   Sign of "Win32:Trojano-3160 [Trj]" has been found in "c:\windows\system32\update.exe" file. 
1/5/2006 8:17:14 PM   SYSTEM   2016   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\System Volume Information\_restore{D1EC2141-07DD-473E-A03D-B4BBF6F07F79}\RP97\A0053277.exe" file. 
1/7/2006 9:57:03 PM   SYSTEM   2016   Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D. 
1/7/2006 9:57:04 PM   SYSTEM   2016   An error has occured while attempting to update. Please check the logs. 
1/11/2006 5:41:15 PM   Neo   2504   Sign of "Win32:Trojano-3160 [Trj]" has been found in "c:\windows\system32\update.exe" file. 
1/11/2006 5:46:11 PM   SYSTEM   1792   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\windows\system32\trzF9.tmp" file. 
1/11/2006 7:25:49 PM   Neo   3280   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz111.tmp" file. 
1/11/2006 7:36:46 PM   Neo   1568   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz28E.tmp" file. 
1/11/2006 7:37:07 PM   Neo   3388   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz2C0.tmp" file. 
1/11/2006 7:38:21 PM   Neo   3084   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz2C1.tmp" file. 
1/11/2006 7:53:08 PM   Neo   972   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz2E1.tmp" file. 
1/11/2006 7:53:34 PM   Neo   468   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz369.tmp" file. 
1/11/2006 7:54:02 PM   Neo   3172   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz36A.tmp" file. 
1/11/2006 7:54:14 PM   Neo   3500   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz36C.tmp" file. 
1/11/2006 7:56:04 PM   Neo   3104   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz36D.tmp" file. 
1/11/2006 7:56:14 PM   Neo   156   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz36F.tmp" file. 
1/11/2006 7:56:43 PM   Neo   2968   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz370.tmp" file. 
1/11/2006 8:32:13 PM   Neo   3112   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz371.tmp" file. 
1/11/2006 8:41:02 PM   Neo   3280   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz39C.tmp" file. 
1/11/2006 8:48:12 PM   Neo   4044   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz3A0.tmp" file. 
1/11/2006 8:56:30 PM   Neo   4040   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz3A5.tmp" file. 
1/11/2006 9:14:07 PM   Neo   3104   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz3A6.tmp" file. 
1/11/2006 9:14:18 PM   Neo   2908   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz3A7.tmp" file. 
1/11/2006 9:14:24 PM   Neo   3140   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz3A8.tmp" file. 
1/15/2006 7:23:30 AM   Neo   3080   Sign of "Win32:Trojano-3160 [Trj]" has been found in "c:\windows\system32\update.exe" file. 
1/15/2006 7:27:28 AM   Neo   2888   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\system32\trzF6.tmp" file. 
1/15/2006 7:32:59 AM   SYSTEM   1976   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\system32\trzF7.tmp" file. 
1/15/2006 7:34:41 AM   Neo   3364   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trzF8.tmp" file. 
1/15/2006 7:35:23 AM   Neo   2456   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trzF9.tmp" file. 
1/15/2006 7:35:41 AM   Neo   3488   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trzF9.tmp" file. 
1/15/2006 7:36:06 AM   Neo   2804   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trzF09.tmp" file. 
1/15/2006 7:36:16 AM   Neo   2620   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trzF09.tmp" file. 
1/15/2006 7:38:04 AM   Neo   3152   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trzFoA.tmp" file. 
1/15/2006 7:39:17 AM   Neo   1024   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz100.tmp" file. 
1/15/2006 7:39:45 AM   Neo   2800   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz100.tmp" file. 
1/15/2006 7:39:55 AM   Neo   3028   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz101.tmp" file. 
1/15/2006 7:40:01 AM   Neo   1532   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz102.tmp" file. 
1/15/2006 7:42:44 AM   Neo   2240   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz103.tmp" file. 
1/15/2006 7:43:59 AM   SYSTEM   1976   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\trz103.tmp.vir" file. 
1/15/2006 7:44:35 AM   Neo   2616   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz104.tmp" file. 
1/15/2006 7:45:00 AM   SYSTEM   1976   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\trz104.tmp.vir" file. 
1/15/2006 7:45:06 AM   SYSTEM   1976   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\trz104.tmp.vir" file. 
1/15/2006 7:45:21 AM   SYSTEM   1976   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\trz104.tmp.vir" file. 
1/15/2006 7:45:34 AM   Neo   3720   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz105.tmp" file. 
1/15/2006 7:45:54 AM   SYSTEM   1976   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\trz105.tmp.vir" file. 
1/15/2006 7:46:10 AM   Neo   3664   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz106.tmp" file. 
1/15/2006 7:46:16 AM   Neo   2732   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz107.tmp" file. 
1/15/2006 7:46:22 AM   Neo   3624   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz108.tmp" file. 
1/15/2006 7:49:56 AM   Neo   2480   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz109.tmp" file. 
1/15/2006 7:50:15 AM   Neo   2480   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz11D.tmp" file. 
1/15/2006 7:58:56 AM   Neo   1580   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz11E.tmp" file. 
1/15/2006 7:59:07 AM   Neo   1632   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz141.tmp" file. 
1/15/2006 7:59:20 AM   Neo   3816   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz145.tmp" file. 

Offline Lisandro

  • Avast team
  • Certainly Bot
Re: anyone knows how to remove Win32:Trojano-3160 [Trj] ?
« Reply #1 on: January 15, 2006, 01:45:21 AM »
I keep getting avast telling me my CPU is infected with Win32:Trojano-3160 [Trj]. I move it to the chest but it keeps coming back.

Can you schedule a boot-time scan?
Start avast! > Right click the skin > Schedule a boot-time scanning
Select the option to scan archives.
Boot.

Another option is scanning in Safe Mode (repeatedly press F8 while booting): http://support.microsoft.com/default.aspx?scid=kb;en-us;315222

Another good thing is to disable System Restore, boot, and enable it again. If you find a virus keeps coming back after you delete it, it has most probably infected the System Restore folder; the best way to solve this is to disable System Restore, reboot your machine and then enable it again. After all that, run a full avast! scan. Enable/Disable System Restore on Windows XP: http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405
The best things in life are free.
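
An added example, not part of the original posts and not avast! code: a short Python script that parses warning-log lines in the format posted above and groups each detection by where the file lives, so the System Restore copies this reply refers to stand apart from files avast! has already moved and from files that keep reappearing. The sample lines are a subset copied from the first post; the bucket names and function names are this example's own.

```python
import re
from collections import Counter

# Lines copied from the warning log in the first post (a subset).
SAMPLE_LOG = r'''
12/3/2005 12:34:40 AM   Neo   132   Sign of "Win32:Trojano-1780 [Trj]" has been found in "C:\System Volume Information\_restore{D1EC2141-07DD-473E-A03D-B4BBF6F07F79}\RP79\A0017673.exe\[UPX]" file.
12/5/2005 1:11:29 AM   SYSTEM   2012   An error has occured while attempting to update. Please check the logs.
12/29/2005 6:28:22 PM   SYSTEM   1784   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\Program Files\Common Files\UPDATE\Update.exe" file.
1/5/2006 7:11:47 PM   Neo   1524   Sign of "Win32:Trojano-3160 [Trj]" has been found in "c:\windows\system32\update.exe" file.
1/11/2006 7:25:49 PM   Neo   3280   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz111.tmp" file.
1/15/2006 7:42:44 AM   Neo   2240   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\WINDOWS\Temp\trz103.tmp" file.
1/15/2006 7:43:59 AM   SYSTEM   1976   Sign of "Win32:Trojano-3160 [Trj]" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\trz103.tmp.vir" file.
'''

# Timestamp, user, a numeric column (its meaning is not stated in the thread), message.
DETECTION = re.compile(
    r'^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M)\s+(?P<user>\S+)\s+\d+\s+'
    r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>[^"]+)" file\.')

def classify(path):
    """Bucket a detected path by location (bucket names are this example's own)."""
    p = path.lower()  # the log mixes C:\WINDOWS and c:\windows
    if p.startswith('c:\\system volume information\\_restore'):
        return 'system_restore'   # copy held inside a restore point
    if '\\avast4\\data\\moved\\' in p:
        return 'avast_moved'      # file avast! has already moved (.vir)
    if '\\temp\\' in p:
        return 'temp'
    return 'other'                # any other on-disk location

def parse(log):
    """Return one dict per detection line; update errors and blanks are skipped."""
    records = []
    for line in log.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            rec = m.groupdict()
            rec['bucket'] = classify(rec['path'])
            records.append(rec)
    return records

def summarize(records):
    """Count detections per (signature, bucket)."""
    return Counter((r['sig'], r['bucket']) for r in records)

def recurring_paths(records):
    """Lower-cased paths outside System Restore and the avast! moved folder."""
    return sorted({r['path'].lower() for r in records
                   if r['bucket'] in ('temp', 'other')})

if __name__ == '__main__':
    recs = parse(SAMPLE_LOG)
    for (sig, bucket), n in sorted(summarize(recs).items()):
        print(f'{n:3d}  {bucket:15s} {sig}')
    for p in recurring_paths(recs):
        print('detected outside restore points:', p)
```
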

xaintarus

  • Guest
Re: anyone knows how to remove Win32:Trojano-3160 [Trj] ?
« Reply #2 on: January 15, 2006, 01:56:53 AM »
Thanks for your advice, I will try what you have suggested. But my PC knowledge is limited, so I guess I have to wait till my friend is free then. Attached below is a log of HJT:

Logfile of HijackThis v1.99.1
Scan saved at 8:57:14 AM, on 1/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\SAND\client.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\res.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
D:\software\BitComet\BitComet.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com/
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [res] C:\WINDOWS\system32\res.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: 802.11b+g USB Wireless LAN Utility.lnk = C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.lead.com.sg
O15 - Trusted Zone: http://*.moreatonce.com
O15 - Trusted Zone: http://schdnavdo.schooldna.com
O15 - Trusted Zone: http://schdnaweb.schooldna.com
O15 - Trusted Zone: http://schdnaweb1.schooldna.com
O15 - Trusted Zone: http://schdnaweb2.schooldna.com
O15 - Trusted Zone: http://www.schooldna.com
O15 - Trusted Zone: http://*.schooldna.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Universal Disk Manager - Unknown owner - C:\Program Files\Common Files\SAND\client.exe


Spiritsongs

  • Guest
Re: anyone knows how to remove Win32:Trojano-3160 [Trj] ?
« Reply #3 on: January 15, 2006, 08:42:42 AM »
:) Xaintarus:

You have some spyware on your machine & your HJT log
indicates you have Spybot on your computer!? If true,
I would encourage you to have their Experts help you on
their forums at: http://forums.spybot.info

Would be a good idea to install the good & FREE "Ewido",
which "specializes" in detecting & removing trojans,
worms, dialers, etc.; go to www.ewido.net/en .

And lastly, your HJT log indicates you do NOT have the
latest version of Sun Java; many antiSPYWARE forums
encourage the removal of ALL out-of-date versions,
then go to: www.java.com and get their latest
("Update 6").