[jsparky77]

Recently i ran avast! antivirus on my computer and it found a Win32:Tiny-IF [trj] (a trojan). Could I please have some help removing this.

[Blackmirror]

Helo what did Avast do with it ??

Quarentine or remove it

[jsparky77]

Move to Chest

[jsparky77]

but it keeps coming back every time i scan

[Blackmirror]

Could you post a hjt log please and i will ask a member of our security team to take a look


If you have HJT already please uninstall before reinstalling new version
Click here to download HJTInstall.exe

• Save HJTInstall.exe to your desktop.
• Doubleclick on the HJTInstall.exe icon on your desktop.
• By default it will install to C:\Program Files\Trend Micro\HijackThis .
• Click on Install.
• It will create a HijackThis icon on the desktop.
• Once installed, it will launch Hijackthis.
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
• DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

[jsparky77]

HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:42, on 2008-01-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\XP Program Files\Avast! AntiVirus\aswUpdSv.exe
D:\XP Program Files\Avast! AntiVirus\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\XP Program Files\AVG Anti-Spyware 7.5\guard.exe
D:\XPPROG~1\AVG\avgamsvr.exe
D:\XPPROG~1\AVG\avgupsvc.exe
D:\XPPROG~1\AVG\avgemc.exe
C:\Program Files\Vision Backup\BackupScheduler\BackupScheduler.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Xdrive\Xdrive Desktop\XdriveService.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
D:\XP Program Files\Avast! AntiVirus\ashMaiSv.exe
D:\XP Program Files\Avast! AntiVirus\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
D:\XP Program Files\Avast! AntiVirus\ashSimpl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com.au
R3 - URLSearchHook: (no name) - {2462d2d8-b36e-44ab-84bf-c5a9383d2429} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\XPPROG~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\XPPROG~1\AVG\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msx2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msx2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msx2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msx2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msx2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msx2.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n035p/EN/install/gtdownlr.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\XP Program Files\Avast! AntiVirus\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\XP Program Files\Avast! AntiVirus\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\XP Program Files\Avast! AntiVirus\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\XP Program Files\Avast! AntiVirus\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\XP Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\XPPROG~1\AVG\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\XPPROG~1\AVG\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\XPPROG~1\AVG\avgemc.exe
O23 - Service: avGuard Service (avGuard) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiVirus\ashAvSrv.exe
O23 - Service: BackupScheduler - Unknown owner - C:\Program Files\Vision Backup\BackupScheduler\BackupScheduler.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: NetVeda Safety.Net (ipcSvc) - NetVeda LLC - C:\Program Files\NetVeda\Safety.Net\ipcsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - (no file)
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
O23 - Service: Xdrive Service - Xdrive LLC - C:\Program Files\Xdrive\Xdrive Desktop\XdriveService.exe

--
End of file - 8030 bytes

Thanks.

[cybertech]

You have too many anti-virus programs running. Uninstall or make all but one of them on-demand.

Post our log again after that.

[jsparky77]

OK:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:38, on 2008-01-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Ashampoo\Ashampoo AntiVirus\ashAvSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\system32\svchost.exe
D:\XP Program Files\Avast! AntiVirus\ashMaiSv.exe
D:\XP Program Files\Avast! AntiVirus\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ashampoo\Ashampoo AntiVirus\GuardGui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {2462d2d8-b36e-44ab-84bf-c5a9383d2429} - (no file)
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\XPPROG~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\XPPROG~1\AVG\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msx2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msx2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msx2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msx2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msx2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msx2.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n035p/EN/install/gtdownlr.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Dialer\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\XP Program Files\Avast! AntiVirus\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\XP Program Files\Avast! AntiVirus\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\XP Program Files\Avast! AntiVirus\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\XP Program Files\Avast! AntiVirus\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\XP Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\XPPROG~1\AVG\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\XPPROG~1\AVG\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\XPPROG~1\AVG\avgemc.exe
O23 - Service: avGuard Service (avGuard) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiVirus\ashAvSrv.exe
O23 - Service: BackupScheduler - Unknown owner - C:\Program Files\Vision Backup\BackupScheduler\BackupScheduler.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: NetVeda Safety.Net (ipcSvc) - NetVeda LLC - C:\Program Files\NetVeda\Safety.Net\ipcsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - (no file)
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
O23 - Service: Xdrive Service - Xdrive LLC - C:\Program Files\Xdrive\Xdrive Desktop\XdriveService.exe

--
End of file - 8501 bytes

Some of them just run constantly and they dont even have a tray icon

[cybertech]

Uninstall them from add/remove programs.

[jsparky77]

Ok heres the newest one after reboot:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07, on 2008-01-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\XP Program Files\Avast! AntiVirus\aswUpdSv.exe
D:\XP Program Files\Avast! AntiVirus\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Dialer\a2service.exe
C:\Program Files\a-squared Free\a2service.exe
D:\XP Program Files\AVG Anti-Spyware 7.5\guard.exe
D:\XPPROG~1\AVG\avgamsvr.exe
D:\XPPROG~1\AVG\avgupsvc.exe
D:\XPPROG~1\AVG\avgemc.exe
C:\Program Files\Ashampoo\Ashampoo AntiVirus\ashAvSrv.exe
C:\Program Files\Vision Backup\BackupScheduler\BackupScheduler.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Xdrive\Xdrive Desktop\XdriveService.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
D:\XP Program Files\Avast! AntiVirus\ashMaiSv.exe
D:\XP Program Files\Avast! AntiVirus\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ashampoo\Ashampoo AntiVirus\GuardGui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\XPPROG~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\XPPROG~1\AVG\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msx2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msx2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msx2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msx2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msx2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msx2.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n035p/EN/install/gtdownlr.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Dialer\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\XP Program Files\Avast! AntiVirus\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\XP Program Files\Avast! AntiVirus\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\XP Program Files\Avast! AntiVirus\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\XP Program Files\Avast! AntiVirus\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\XP Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\XPPROG~1\AVG\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\XPPROG~1\AVG\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\XPPROG~1\AVG\avgemc.exe
O23 - Service: avGuard Service (avGuard) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiVirus\ashAvSrv.exe
O23 - Service: BackupScheduler - Unknown owner - C:\Program Files\Vision Backup\BackupScheduler\BackupScheduler.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: NetVeda Safety.Net (ipcSvc) - NetVeda LLC - C:\Program Files\NetVeda\Safety.Net\ipcsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - (no file)
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
O23 - Service: Xdrive Service - Xdrive LLC - C:\Program Files\Xdrive\Xdrive Desktop\XdriveService.exe

--
End of file - 9099 bytes

[cybertech]

Which one do you want to keep?

I find the easiest way to remove them is in safe mode and/or stopping the service.

[jsparky77]

Ad-aware 2007
ad-aware 6
Ashampoo Antivirus
Avast!
AVG anti spyware
AVG free
Bit Defender
HiJackThis
Syware Doctor
Super Anti-Spyware

Any of these that you would recommend not keeping?
Thanks for your help.

[cybertech]

Select one of these to keep, you don't need them all!
Ashampoo Antivirus
Avast!
AVG free
Bit Defender

Select one of these to keep, you don't need both:
Ad-aware 2007
ad-aware 6

[jsparky77]

Ashampoo because it has real time protection and Ad-aware 2007

[cybertech]

OK, remove the others from add/remove programs.