help please

??? ??? ??? ??? Earlier today my sister sent me a file on MSN. It said "do you like this", and I opened it. Now my avast is going crazy saying "caution potential infection was detected", then it says continue or don't send. The more I press don't send, the more it pops up. It's not stopped popping up and I don't know what to do. The avast mail scanner is permanently running in the blue bar at the bottom, but I'm not sending any email. Here's what it says as well when it pops up:

There are too many identical e-mails in appointed time

These are emails I am not sending. It turns out my sister never sent me the file; it's some sort of virus or something, and her computer is going crazy too. Can anyone be any help to me? I'm at my wits' end and haven't a clue what to do. I've deleted MSN and told everyone to block me, as they say I was sending files to them, which I wasn't. I've deleted the file that was sent to me and I have done a virus scan; it's not found anything. Where are these emails being sent from on my PC ??? :frowning: :frowning: Am I hacked? I have typed this thread with about 40 pop-ups off avast on my screen.

please help thanks…gemma

Please modify your Post removing the email addresses, as these may be legitimate emails which could be harvested resulting in more spam being sent to these innocent bystanders.

There would appear to be an undetected or hidden trojan spambot on your system sending out these emails.

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode.

  1. If using WinXP, SUPERantispyware (on-demand only in the free version). Or AVG Anti-Spyware (formerly Ewido): resident scanner during the trial, on-demand after the trial ends. Or Spyware Terminator (resident scanner). Or a-squared free, on-demand only in the free version (if using Win98/ME).

What is your firewall (?) as this too should be able to intercept unauthorised internet connections (like the application trying to send the emails) ?

Thanks for your help. I have Windows Firewall, and I've run the things you have told me and there is nothing; it's free of spyware. So what can I do to get this off?

Hmmm, maybe you are being attacked by a trojan mirror…
Do the avast pop-ups happen if you disconnect from the internet??

yes it still pops up ???

Did you run the SAS, etc. in safe mode as suggested and if so what were the results ?

Next step: this may be protected by a rootkit, so it is hidden by another process, the rootkit.
Also see, anti-rootkit, detection, removal & protection http://www.antirootkit.com/software/index.htm. Try these as they are some of the more efficient and user friendly anti-rootkit tools.

i think its gone thanks very much for all your help ;D no more pop ups or the email thing in my blue tray at the bottom
do you think its gone now ??

Which program was it that you ran that detected it and what was the detected file ?

These tools usually give a log on completion; information from that log could help others, especially if we can obtain a sample of the file/s concerned.

its not gone still here im gonna try everything again :-[ :-[ :-[

Try one thing at a time and report the findings so that we can see what has been found or otherwise.

The more information we have the more likely we will be able to help.

As I mentioned previously the anti-spyware tools I gave in my first reply are best run from safe mode.

I've tried SUPERantispyware in safe mode and the AVG one in safe mode; they find nothing. I'm gonna keep trying everything else you have said. I'll keep you updated on my findings.

If a virus is replicant (coming back again and again), you could follow the general cleaning procedure:

  1. Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k. After boot you can enable System Restore again after step 3.

  2. Clean your temporary files. You can use CleanUp or the Windows Advanced Care features for that.

  3. Schedule a boot-time scan with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select scanning of archives. Boot. The other option is scanning in Safe Mode (repeatedly press F8 while booting).

  4. As posted before by David, it will be good if you download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).
    If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.

  5. If you are still detecting any strange behavior, or even if you're sure you're not clean, maybe it will be good to test your machine with anti-rootkit applications. I suggest AVG or Trend Micro RootkitBuster (for XP/Vista). For XP: Panda (for XP).

  6. Also, if you are still detecting strange behaviors or you want to be sure you're clean, maybe making a HijackThis log to post here and, especially, scanning and submitting the RunScanner log to on-line analysis would help to identify the problem and the solution.

I am running Spyware Terminator at the minute and there are 11 critical objects.

But the little avast mail symbol does not stop running in my tray at the bottom, as if I'm sending loads of emails, and I'm not; they're spam emails.
I just can't seem to get rid of it as nothing is picking it up.
I'll send you the details of what Spyware Terminator says when it's finished.

Yes give us details, without them we are totally in the dark.

What are the 11 critical objects, etc. ?

You can copy and paste the contents of that log here; you may need to split it over two posts if it is large.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50:15, on 14/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\hbfrfyva.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
c:\PROGRA~1\Crawler\CMail.exe
C:\Documents and Settings\lisa richardson\My Documents\My Music\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM..\Run: [TPSMain] TPSMain.exe
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM..\Run: [IntelZeroConfig] “C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe”
O4 - HKLM..\Run: [IntelWireless] “C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” /tf Intel PROSet/Wireless
O4 - HKLM..\Run: [RoxioDragToDisc] “C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe”
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM..\Run: [lxcrmon.exe] “C:\Program Files\Lexmark 2400 Series\lxcrmon.exe”
O4 - HKLM..\Run: [EzPrint] “C:\Program Files\Lexmark 2400 Series\ezprint.exe”
O4 - HKLM..\Run: [FaxCenterServer] “C:\Program Files\Lexmark Fax Solutions\fm3032.exe” /s
O4 - HKLM..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe”
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [ovpy] C:\WINDOWS\system32\ovpy.exe
O4 - HKLM..\Run: [hbfrfyva] C:\WINDOWS\system32\hbfrfyva.exe
O4 - HKLM..\Run: [SpywareTerminator] “C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe”
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\lisa richardson\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-uk.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashcasino.ladbrokes.com/instant-play-en/FlashAX.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Print Spooler Service (oaojiana) - Unknown owner - C:\WINDOWS\system32\hbfrfyva.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


End of file - 11820 bytes

this is from hijackthis
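An added example, not part of any post in this thread: a small triage pass over the `O4` (Run key) and `O23` (service) lines of a HijackThis log like the one above. The two heuristics (a service whose owner is printed as "Unknown owner", and one executable started from both a Run key and a service) are assumptions chosen for illustration; they rank what to inspect first and are not a verdict on any file.

```python
import re
from collections import defaultdict

# Lines copied unmodified from the HijackThis log posted above (a subset).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [hbfrfyva] C:\WINDOWS\system32\hbfrfyva.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Print Spooler Service (oaojiana) - Unknown owner - C:\WINDOWS\system32\hbfrfyva.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

# "O4 - HKLM..\Run: [name] command" (the hive separator may or may not survive pasting)
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\?\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# "O23 - Service: display name - owner - path"
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")
# First executable file name inside a command line or path
EXE_RE = re.compile(r'([^\\/"\s]+\.exe)\b', re.IGNORECASE)


def parse_autostarts(log_text):
    """Return one dict per O4 Run-key entry and O23 service entry."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append({"kind": "run", "name": m["name"],
                            "owner": None, "target": m["cmd"]})
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append({"kind": "service", "name": m["name"],
                            "owner": m["owner"], "target": m["path"]})
    for e in entries:
        # HijackThis appends "(file missing)" when the target is not on disk
        e["missing"] = e["target"].endswith("(file missing)")
        exe = EXE_RE.search(e["target"])
        e["exe"] = exe.group(1).lower() if exe else None
    return entries


def triage(log_text):
    """Map executable name -> sorted list of reasons to look at it first."""
    entries = parse_autostarts(log_text)

    # Which autostart mechanisms reference each executable?
    kinds = defaultdict(set)
    for e in entries:
        if e["exe"]:
            kinds[e["exe"]].add(e["kind"])

    reasons = defaultdict(set)
    for e in entries:
        exe = e["exe"]
        if not exe:
            continue
        if e["missing"]:
            # Leftover registration; nothing on disk to start
            reasons[exe].add("stale entry: file missing")
            continue
        # Heuristic 1 (assumption): no vendor shown for a service binary
        if e["kind"] == "service" and e["owner"] == "Unknown owner":
            reasons[exe].add("service binary has no vendor information")
        # Heuristic 2 (assumption): same binary registered twice for autostart
        if kinds[exe] == {"run", "service"}:
            reasons[exe].add("started from both a Run key and a service")
    return {exe: sorted(r) for exe, r in reasons.items()}


if __name__ == "__main__":
    for exe, why in sorted(triage(SAMPLE_LOG).items()):
        print(f"{exe}: {'; '.join(why)}")
```

An entry that is not listed has not been cleared, and a listed one still needs checking by hand (file properties, an on-line scan of the file, or a helper's reading of the full log).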

I am just doing RunScanner now. I've done everything that everyone has told me, and it's still here sending emails from my laptop :'( :'( :cry:

and this is from runscanner

Runscanner logfile http://www.runscanner.net

  • = signed file
  • = file not found

000 General info

Computer name : STUANDKAITLYNN
Creation time : 14/12/2007 21:54:48
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.13
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
RunScanner Version : 1.6.0.4
User Language : English (United Kingdom)
User rights : Administrator
Windows folder : C:\WINDOWS

001 Running processes

  • c:\windows\system32\alg.exe (Microsoft Corporation)
  • c:\program files\symantec\liveupdate\aluschedulersvc.exe (Symantec Corporation)
  • c:\program files\alwil software\avast4\ashserv.exe (ALWIL Software)
  • c:\program files\alwil software\avast4\aswupdsv.exe (ALWIL Software)
  • c:\program files\alwil software\avast4\ashmaisv.exe (ALWIL Software)
  • c:\progra~1\alwils~1\avast4\ashdisp.exe (ALWIL Software)
  • c:\program files\alwil software\avast4\ashwebsv.exe (ALWIL Software)
  • c:\windows\system32\csrss.exe (Microsoft Corporation)
  • c:\windows\system32\dllhost.exe (Microsoft Corporation)
  • c:\progra~1\crawler\toolbar\ctoolbar.exe (Crawler.com)
  • c:\windows\system32\ctfmon.exe (Microsoft Corporation)
    c:\windows\system32\dla\dlactrlw.exe (Sonic Solutions)
  • c:\windows\system32\svchost.exe (Microsoft Corporation)
  • c:\windows\system32\svchost.exe (Microsoft Corporation)
  • c:\windows\system32\svchost.exe (Microsoft Corporation)
  • c:\windows\system32\svchost.exe (Microsoft Corporation)
  • c:\windows\system32\svchost.exe (Microsoft Corporation)
  • c:\windows\system32\svchost.exe (Microsoft Corporation)
  • c:\windows\system32\svchost.exe (Microsoft Corporation)
  • c:\windows\system32\svchost.exe (Microsoft Corporation)
  • c:\windows\system32\svchost.exe (Microsoft Corporation)
    c:\windows\system32\hbfrfyva.exe
  • c:\windows\system32\hkcmd.exe (Intel Corporation)
    c:\program files\toshiba\toshiba applet\thotkey.exe (TOSHIBA)
    c:\program files\intel\wireless\bin\dot1xcfg.exe (Intel Corporation)
    c:\program files\intel\wireless\bin\ifrmewrk.exe (Intel Corporation)
    c:\program files\intel\wireless\bin\evteng.exe (Intel Corporation)
    c:\program files\intel\wireless\bin\regsrvc.exe (Intel Corporation)
  • c:\program files\internet explorer\iexplore.exe (Microsoft Corporation)
  • c:\program files\java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
    c:\program files\lexmark 2400 series\ezprint.exe (Lexmark International Inc.)
  • c:\program files\common files\symantec shared\pif{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe (Symantec Corporation)
  • c:\windows\system32\lsass.exe (Microsoft Corporation)
    c:\progra~1\crawler\cmail.exe (Crawler.com)
  • c:\windows\ehome\mcrdsvc.exe (Microsoft Corporation)
  • c:\windows\ehome\ehmsas.exe (Microsoft Corporation)
  • c:\windows\ehome\ehrecvr.exe (Microsoft Corporation)
  • c:\windows\ehome\ehsched.exe (Microsoft Corporation)
  • c:\windows\ehome\ehtray.exe (Microsoft Corporation)
  • c:\windows\system32\igfxpers.exe (Intel Corporation)
  • c:\windows\system32\lxcrcoms.exe
    c:\program files\real\realplayer\realplay.exe (RealNetworks, Inc.)
  • c:\windows\rthdcpl.exe (Realtek Semiconductor Corp.)
  • c:\windows\system32\rundll32.exe (Microsoft Corporation)
  • c:\documents and settings\lisa richardson\local settings\temporary internet files\content.ie5\m7e9lj7p\runscanner[1].exe (Runscanner.net)
    c:\program files\toshiba\configfree\cfsvcs.exe (TOSHIBA CORPORATION)
  • c:\windows\system32\services.exe (Microsoft Corporation)
    c:\program files\toshiba\toshiba zooming utility\smoothview.exe (TOSHIBA Corporation)
    c:\windows\agrsmmsg.exe (Agere Systems)
  • c:\windows\system32\spoolsv.exe (Microsoft Corporation)
    c:\program files\spyware terminator\sp_rsser.exe (Crawler.com)
  • c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe
  • c:\program files\synaptics\syntp\syntpenh.exe (Synaptics, Inc.)
  • c:\program files\synaptics\syntp\toshiba.exe (Synaptics, Inc.)
    c:\program files\toshiba\toshiba applet\tappsrv.exe (TOSHIBA Corp.)
    c:\program files\toshiba\tvs\tvstray.exe (TOSHIBA Corporation)
    c:\windows\system32\tpsbattm.exe (TOSHIBA Corporation)
    c:\windows\system32\tpsmain.exe (TOSHIBA Corporation)
  • c:\windows\explorer.exe (Microsoft Corporation)
  • c:\windows\system32\winlogon.exe (Microsoft Corporation)
  • c:\windows\system32\smss.exe (Microsoft Corporation)
    c:\program files\intel\wireless\bin\s24evmon.exe (Intel Corporation)
    c:\progra~1\common~1\x10\common\x10nets.exe (X10)
    c:\program files\intel\wireless\bin\zcfgsvc.exe (Intel Corporation)

002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)

C:\WINDOWS\agrsmmsg.exe (Agere Systems)

  • c:\progra~1\alwils~1\avast4\ashdisp.exe (ALWIL Software)
    c:\windows\system32\dla\dlactrlw.exe (Sonic Solutions)
    c:\program files\lexmark 2400 series\ezprint.exe (Lexmark International Inc.)
    c:\program files\lexmark fax solutions\fm3032.exe
    c:\windows\system32\hbfrfyva.exe
    c:\program files\intel\wireless\bin\ifrmewrk.exe (Intel Corporation)
    c:\program files\intel\wireless\bin\zcfgsvc.exe (Intel Corporation)
    c:\program files\lexmark 2400 series\lxcrmon.exe
    c:\windows\system32\ovpy.exe
    c:\program files\real\realplayer\realplay.exe (RealNetworks, Inc.)
    c:\program files\roxio\easy media creator 7\drag to disc\drgtodsc.exe (Roxio)
    c:\program files\toshiba\toshiba zooming utility\smoothview.exe (TOSHIBA Corporation)
    c:\program files\spyware terminator\spywareterminatorshield.exe (Crawler.com)
    c:\program files\toshiba\toshiba applet\thotkey.exe (TOSHIBA)
    C:\WINDOWS\system32\tpsmain.exe (TOSHIBA Corporation)
    c:\program files\toshiba\tvs\tvstray.exe (TOSHIBA Corporation)

010 HKLM\SYSTEM\CurrentControlSet\Services (Services)

  • c:\program files\alwil software\avast4\ashserv.exe (avast! Antivirus)
  • c:\program files\alwil software\avast4\aswupdsv.exe (avast! iAVS4 Control Service)
  • c:\program files\alwil software\avast4\ashmaisv.exe (avast! Mail Scanner)
  • c:\program files\alwil software\avast4\ashwebsv.exe (avast! Web Scanner)
    c:\program files\toshiba\configfree\cfsvcs.exe (ConfigFree Service)
  • c:\program files\google\common\google updater\googleupdaterservice.exe (Google Updater Service)
    c:\program files\common files\installshield\driver\1050\intel 32\idrivert.exe (InstallDriver Table Manager)
    c:\program files\intel\wireless\bin\evteng.exe (Intel(R) PROSet/Wireless Event Log)
    c:\program files\intel\wireless\bin\regsrvc.exe (Intel(R) PROSet/Wireless Registry Service)
    c:\program files\intel\wireless\bin\s24evmon.exe (Intel(R) PROSet/Wireless Service)
  • c:\program files\common files\logishrd\srvlnch\srvlnch.exe (LVSrvLauncher)
    c:\windows\system32\hbfrfyva.exe (Print Spooler Service)
    c:\program files\spyware terminator\sp_rsser.exe (Spyware Terminator Realtime Shield Service)
    c:\program files\toshiba\toshiba applet\tappsrv.exe (TOSHIBA Application Service)
    c:\progra~1\common~1\x10\common\x10nets.exe (X10 Device Network Service)

011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)

C:\WINDOWS\system32\drivers\aegisp.sys (AEGIS Protocol (IEEE 802.1x) v3.5.3.0)
c:\windows\system32\drivers\asctrm.sys (ASCTRM)

  • c:\windows\system32\drivers\aswrdr.sys (aswRdr)
  • c:\windows\system32\drivers\aavmker4.sys (avast! Asynchronous Virus Monitor)
  • c:\windows\system32\drivers\aswtdi.sys (avast! Network Shield Support)
  • c:\windows\system32\drivers\aswmon2.sys (avast! Standard Shield Support)
    C:\WINDOWS\system32\drivers\tosrfec.sys (Bluetooth ACPI from TOSHIBA)
    c:\windows\system32\drivers\cdr4_xp.sys (Cdr4_xp)
    c:\windows\system32\drivers\cdralw2k.sys (Cdralw2k)
    c:\windows\system32\drivers\cdudf_xp.sys (cdudf_xp)
  • c:\windows\system32\drivers\changer.sys (Changer)
    C:\WINDOWS\system32\dla\dlaboiom.sys (DLABOIOM)
    C:\WINDOWS\system32\drivers\dlacdbhm.sys (DLACDBHM)
    C:\WINDOWS\system32\dla\dladresn.sys (DLADResN)
    C:\WINDOWS\system32\dla\dlaifs_m.sys (DLAIFS_M)
    C:\WINDOWS\system32\dla\dlaopiom.sys (DLAOPIOM)
    C:\WINDOWS\system32\dla\dlapoolm.sys (DLAPoolM)
    C:\WINDOWS\system32\drivers\dlartl_n.sys (DLARTL_N)
    C:\WINDOWS\system32\dla\dlaudf_m.sys (DLAUDF_M)

C:\WINDOWS\system32\dla\dlaudfam.sys (DLAUDFAM)
C:\WINDOWS\system32\drivers\drvmcdb.sys (DRVMCDB)
C:\WINDOWS\system32\drivers\drvnddm.sys (DRVNDDM)
c:\windows\system32\drivers\dvd_2k.sys (dvd_2K)
c:\windows\system32\drivers\dvdvrrdr_xp.sys (DVDVRRdr_xp)

  • c:\windows\system32\drivers\i2omgmt.sys (i2omgmt)
    C:\WINDOWS\system32\drivers\iviaspi.sys (IVI ASPI Shell)
  • c:\windows\system32\drivers\lbrtfdc.sys (lbrtfdc)
  • C:\WINDOWS\system32\drivers\lvckap.sys (Logitech AEC Driver)
  • C:\WINDOWS\system32\drivers\lvmvdrv.sys (Logitech Machine Vision Engine Loader)
  • c:\windows\system32\drivers\lv561av.sys (Logitech QuickCam Express(PID_0928))
  • c:\windows\system32\drivers\lvusbsta.sys (Logitech USB Monitor Filter)
    c:\windows\system32\drivers\mmc_2k.sys (mmc_2K)
    C:\WINDOWS\system32\drivers\pfc.sys (Padus ASPI Shell)
  • c:\windows\system32\drivers\pcidump.sys (PCIDump)
  • c:\windows\system32\drivers\pdcomp.sys (PDCOMP)
  • c:\windows\system32\drivers\pdframe.sys (PDFRAME)
  • c:\windows\system32\drivers\pdreli.sys (PDRELI)
  • c:\windows\system32\drivers\pdrframe.sys (PDRFRAME)
    c:\windows\system32\drivers\pwd_2k.sys (pwd_2k)
    c:\windows\system32\drivers\pxark.sys (pxark)
    C:\WINDOWS\system32\drivers\pxhelp20.sys (PxHelp20)
    c:\windows\system32\drivers\sp_rsdrv2.sys (Spyware Terminator Driver 2)
    C:\WINDOWS\system32\drivers\nbsmi.sys (Toshiba Mobile PC Service)
    C:\WINDOWS\system32\drivers\netdevio.sys (TOSHIBA Network Device Usermode I/O Protocol)
    C:\WINDOWS\system32\drivers\tvs.sys (TOSHIBA Virtual Sound with SRS technologies)
    c:\windows\system32\drivers\udfreadr.sys (UDFReadr)
  • c:\windows\system32\drivers\wanatw4.sys (WAN Miniport (ATW))
  • c:\windows\system32\drivers\wdica.sys (WDICA)
    C:\WINDOWS\system32\drivers\s24trans.sys (WLAN Transport)

030 HKLM\SOFTWARE\Classes\PROTOCOLS\Filter

C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}

031 HKLM\SOFTWARE\Classes\PROTOCOLS\Handler

c:\program files\common files\microsoft shared\information retrieval\msitss.dll (Microsoft Corporation) {0A9007C0-4076-11D3-8789-0000F8105754}
c:\progra~1\crawler\toolbar\ctbr.dll (Crawler.com) {4D25FB7A-8902-4291-960E-9ADA051CFBBF}

035 HKLM-HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components

c:\windows\system32\mscories.dll (Microsoft Corporation) {89B4C1CD-B018-4511-B0A1-5476DBF70820}

040 HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

c:\progra~1\crawler\toolbar\ctbr.dll (Crawler.com) {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}

041 HKLM-HKCU\Software\Microsoft\Internet Explorer\Toolbar

c:\progra~1\crawler\toolbar\ctbr.dll (Crawler.com) {4B3803EA-5230-4DC3-A7FC-33638F3D3542}

042 HKLM\Software\Microsoft\Internet Explorer\Extensions

  • c:\program files\messenger\msmsgs.exe {FB5F1910-F110-11d2-BB9E-00C04F795683}
  • c:\documents and settings\lisa richardson\start menu\programs\imvu\run imvu.lnk {d9288080-1baa-4bc4-9cf8-a92d743db949}

050 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

c:\program files\windows desktop search\msnlnamespacemgr.dll (Microsoft Corporation) {56F9679E-7826-4C84-81F3-532071A8BCC5}

052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

GUID / CLSID not found {02478D38-C3F9-4efb-9B51-7695ECA05670}
GUID / CLSID not found {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
GUID / CLSID not found {AA58ED58-01DD-4d91-8333-CF10577473F7}
c:\progra~1\crawler\toolbar\ctbr.dll (Crawler.com) {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
c:\windows\system32\dla\dlashx_w.dll (Sonic Solutions) {5CA3D70E-1895-11CF-8E15-001234567890}

061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

  • c:\program files\alwil software\avast4\ashshell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
    c:\windows\system32\nvshell.dll {1CDB2949-8F65-4355-8456-263E7C208A5D}
    c:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47}
  • deskpan.dll {42071714-76d4-11d1-8b24-00a0c9068ff3}
    c:\windows\system32\dla\dlashx_w.dll (Sonic Solutions) {5CA3D70E-1895-11CF-8E15-001234567890}
    c:\windows\system32\mscoree.dll (Microsoft Corporation) {1D2680C9-0E2A-469d-B787-065558BC7D43}
    c:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
    c:\program files\sonic\recordnow!\shlext.dll {E91B2703-013E-4A99-AD33-2B6FB00AA356}
    c:\program files\sonic\recordnow!\shlext.dll {DEE12703-6333-4D4E-8F34-738C4DCC2E04}
    c:\program files\roxio\easy media creator 7\drag to disc\shellex.dll (Roxio) {5E44E225-A408-11CF-B581-008029601108}
    c:\windows\system32\dfshim.dll (Microsoft Corporation) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}
    c:\windows\system32\dfshim.dll (Microsoft Corporation) {e82a2d71-5b2f-43a0-97b8-81be15854de8}
    c:\program files\spyware terminator\sptcontmenu.dll (Crawler.com) {BD88A479-9623-4897-8546-BC62B9628F44}
    c:\program files\roxio\easy media creator 7\creator classic\targetfinder.dll {0873D142-79EF-49fa-81B5-211AAC0B0A7F}
    c:\program files\windows desktop search\msnlext.dll (Microsoft Corporation) {13E7F612-F261-4391-BEA2-39DF4F3FA311}
    c:\program files\windows desktop search\oeph.dll (Microsoft Corporation) {D426CFD0-87FC-4906-98D9-A23F5D515D61}
    c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

062 HKLM-HKCU\Software\Classes\Folder\Shellex\ColumnHandlers

c:\program files\common files\adobe\acrobat\activex\pdfshell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}

069 HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

C:\WINDOWS\system32\ebpmon24.dll (SEIKO EPSON CORPORATION)
C:\WINDOWS\system32\lxprmon.dll
C:\WINDOWS\system32\tbtmon.dll (Toshiba America Business Solutions, Inc.)

100 Internet Explorer settings

CustomizeSearch HKLM : http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
SearchAssistant HKLM : http://www.crawler.com/search/ie.aspx?tb_id=60327
Start Page HKCU : http://www.blueyonder.co.uk/

104 HKLM\Software\Microsoft\Code Store Database\Distribution Units

  • c:\windows\downlo~1\ewidoo~1.dll (Anti-Malware Development a.s.) {193C772A-87BE-4B19-A7BB-445B226FE9A1}
    c:\windows\downloaded program files\snapfishactivia1000.ocx (Snapfish) {406B5949-7190-4245-91A9-30A17DE16AD0}
    GUID / CLSID not found {8AD9C840-044E-11D1-B3E9-00805F499D93}
    GUID / CLSID not found {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    c:\windows\system32\crusher.dll (AmericanGreetings.com) {BD8667B7-38D8-4C77-B580-18C3E146372C}
    GUID / CLSID not found {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    GUID / CLSID not found {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
  • c:\program files\virtools\3d life player\webplayer.ocx (Virtools SA) {D4323BF2-006A-4440-A2F5-27E3E7AB25F8}
  • c:\windows\system32\flashax\flashax.ocx (Microgaming Systems) {D8089245-3211-40F6-819B-9E5E92CD61A2}

105 HKCU\Software\Microsoft\Internet Explorer\MenuExt

&AOL Toolbar search : res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
Crawler Search : tbr:iemenu

170 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

{2265eb70-73f8-11db-a80d-00038a000015} : E:\LaunchU3.exe

173 HKCR*\shellex\ContextMenuHandlers

  • c:\program files\alwil software\avast4\ashshell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
    c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
    c:\program files\spyware terminator\sptcontmenu.dll (Crawler.com) {BD88A479-9623-4897-8546-BC62B9628F44}

Hope I have copied the right thing.
i