Two Instances of Explorer.exe

paul2-0-0-2

OSNN Senior Addict
Joined
9 Jul 2002
Messages
979
Kinda off Topic soz though i'd ask in here instead of makeing a new thread since you posted that Link

But sometimes i have 2 .explorers in Task Manger Scanned loads of Time NAV2003 and AVG never found any Virus is it normal sometimes to have 2 Running?
 
Well do the have the same name of Explorer.exe, or just similar like Explore.exe or Expl0rer.exe
 
Paul: Try running antivirus, Adaware first. If nothing comes up, run HijackThis and paste the log in here. Explorer.exe doesnt ever normally run twice so there is something wrong somewhere.
 
Couldnt get the new version though dunno if that will make any difrence
StartupList report, 14/02/2004, 00:53:02
StartupList version: 1.52
Started from : C:\Documents and Settings\Chandz\Desktop\hijackthis\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
C:\program files\microangelo\muamgr.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Tweak-XP Pro\tranicon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\winservn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Ericsson\MOBILE~1\DbgOut.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Chandz\Desktop\hijackthis\HijackThis.exe
C:\Documents and Settings\Chandz\Desktop\hijackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Chandz\Start Menu\Programs\Startup]
DigiGuide.lnk = C:\Program Files\DigiGuide TV Guide\client00.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CloneCDElbyCDFL = "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
TimerModule = C:\WINDOWS\System32\TimerModule.exe
Desksite CMA = c:\program files\desksite\bin\cma.exe
MessengerPlus2 = "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
Zone Labs Client = C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
MOD = c:\program files\microangelo\muamgr.exe
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
AVG_CC = C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
WinampAgent = C:\Program Files\Winamp\winampa.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

IDMan = C:\Program Files\Internet Download Manager\IDMan.exe /onboot
TransparentIcons = "C:\Program Files\Tweak-XP Pro\tranicon.exe" -ex
Tweak-XP =
PicoZip = C:\PROGRA~1\PicoZip\PicoZipTray.exe
CursorXP = C:\Program Files\CursorXP\CursorXP.exe
MessengerPlus2 = "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
StatusDP = "C:\DOCUME~1\Chandz\LOCALS~1\Temp\Rar$EX00.859\dpstatus.exe"
ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
Uptime-Project = C:\Documents and Settings\Chandz\Desktop\client\client.exe
ContentService = C:\WINDOWS\System32\winservn.exe
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[svchost]
= c:\windows\system\winlogon.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\TechSmith\SnagIt 6\SnagItBHO.dll - {00C6482D-C502-44C8-8409-FCE54AD9C208}
(no name) - C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\WINDOWS\System32\IETie.dll - {9527D42F-D666-11D3-B8DD-00600838CD5F}
(no name) - C:\PROGRA~1\FlashGet\jccatch.dll - {A5366673-E8CA-11D3-9CD9-0090271D075B}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\Xi\Net Transport\NTIEHelper.dll - {C56CB6B0-0D96-11D6-8C65-B2868B609932}

--------------------------------------------------
 
Enumerating Task Scheduler jobs:

Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\WINDOWS\System32\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[sys Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PCPitStop.dll
CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[iCC Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\pcpConnCheck.dll
CODEBASE = http://www.pcpitstop.com/internet/pcpConnCheck.cab

[{29C13B62-B9F7-4CD3-8CEF-0A58A1A99441}]
CODEBASE = http://fdl.msn.com/public/chat/msnchat41.cab

[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
CODEBASE = http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
CODEBASE = http://download.yahoo.com/dl/installs/yinst.cab

[Cult3D ActiveX Player]
InProcServer32 = C:\WINDOWS\System32\Cult3D\IECult.dll
CODEBASE = http://www.cult3d.com/download/cult.cab

[EricClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\EricControl.dll
CODEBASE = http://www.gsmserver.com/info/EricControl.cab

[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/uk/win/QuickTimeInstaller.exe

[Pixami Image Editor Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\BPIMAG~1.OCX
CODEBASE = http://www.imagestation.com/common/classes/BPImageEditor.cab?ver=1,1,0,30

[{525A15D0-4938-11D4-94C7-0050DA20189B}]
CODEBASE = http://www.ea.com/downloads/games/common/snoopy/iesnoopy.cab

[{56336BCB-3D8A-11D6-A00B-0050DA18DE71}]
CODEBASE = http://207.188.7.150/26d72d4f2b0237512819/netzip/RdxIE2.cab

[{5E943D9C-F8DC-4258-8E3F-A61BB3405A33}]
CODEBASE = http://www.imagestation.com/common/classes/batchdwnl.cab?version=4,3,2,20802

[FileSharingCtrl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\fsmsngr_en.dll
CODEBASE = http://appdirectory.messenger.msn-int.com/AppDirectory/P4Apps/FileSharing/en/fsmsngr_en.dll

[PWMediaSendControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PWActiveXImgCtl.dll
CODEBASE = http://216.249.24.140/code/PWActiveXImgCtl.CAB

[{6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2}]
CODEBASE = http://www.gigex.com/tv/igor/gigexagent.dll

[GSDACtl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\gsda.dll
CODEBASE = http://launch.gamespyarcade.com/software/launch/alaunch.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/80a25dd3ec062c/housecall.antivirus.com/housecall/xscan53.cab

[{7A32634B-029C-4836-A023-528983982A49}]
CODEBASE = http://fdl.msn.com/public/chat/msnchat42.cab

[Flo2_L2 Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\NG03_F~1.OCX
CODEBASE = http://www.nokiagame.com/games/2K1E4R5Vem5ui1Sw1Wyas/flo2_l2.cab

[Java Plug-in 1.4.0_03]
InProcServer32 = C:\Program Files\Java\j2re1.4.0_03\bin\npjpi140_03.dll

[InstallShield International Setup Player]
InProcServer32 = c:\windows\DOWNLO~1\isetup.dll
CODEBASE = http://www.installengine.com/engine/isetup.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://www.pandasoftware.com/activescan/as/asinst.cab

[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37616.3919097222

[YahooYMailTo Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ymmapi.dll
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll

[WTHoster Class]
InProcServer32 = C:\WINDOWS\wt\webdriver\wthostctl.dll
CODEBASE = http://www.wildtangent.com/install/wdriver/sportsgames/nikefootball/nike/wtinst.cab

[Mophun Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\mophun.ocx
CODEBASE = http://www.mophun.com/codebase/mophun.cab

[LiveX(5.3.0.0) Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\LiveX_E.ocx
CODEBASE = http://canasta.no-ip.com/cab/Live.cab

[Symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab

[{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}]

[{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}]

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[{E87A6788-1D0F-4444-8898-1D25829B6755}]
CODEBASE = http://fdl.msn.com/public/chat/msnchat4.cab

[Yahoo! Companion]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll
CODEBASE = http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab

[Hotmail Attachments Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\HMAtchmt.ocx
CODEBASE = http://sea1fd.sea1.hotmail.msn.com/activex/HMAtchmt.ocx

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\Chandz\LOCALS~1\Temp\~f51e43.tmp||C:\DOCUME~1\Chandz\LOCALS~1\Temp\~f51e43.tmp||C:\DOCUME~1\Chandz\LOCALS~1\Temp\~f51e43.tmp||C:\DOCUME~1\Chandz\LOCALS~1\Temp\~f51e43.tmp||C:\DOCUME~1\Chandz\LOCALS~1\Temp\~f51e43.tmp||C:\DOCUME~1\Chandz\LOCALS~1\Temp\irsetup.exe||C:\DOCUME~1\Chandz\LOCALS~1\Temp\irsetup.exe||C:\DOCUME~1\Chandz\LOCALS~1\Temp\irsetup.exe||C:\DOCUME~1\Chandz\LOCALS~1\Temp\irsetup.exe


--------------------------------------------------


Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 12,383 bytes
Report generated in 0.718 seconds
 
Running Process:

C:\WINDOWS\system32\slserv.exe

Kill that, thats not a windows process

(no name) - C:\WINDOWS\System32\IETie.dll - {9527D42F-D666-11D3-B8DD-00600838CD5F}

(no name) - C:\Program Files\Xi\Net Transport\NTIEHelper.dll - {C56CB6B0-0D96-11D6-8C65-B2868B609932}

Those 2 regkeys dont look familiar, may be malicious.
 
Tiesto said:
Running Process:

C:\WINDOWS\system32\slserv.exe

Kill that, thats not a windows process

(no name) - C:\WINDOWS\System32\IETie.dll - {9527D42F-D666-11D3-B8DD-00600838CD5F}

(no name) - C:\Program Files\Xi\Net Transport\NTIEHelper.dll - {C56CB6B0-0D96-11D6-8C65-B2868B609932}

Those 2 regkeys dont look familiar, may be malicious.

Thanx

Found out 2 are fine (Y)

slserv.exe Aztech Modem Driver

(no name) - C:\Program Files\Xi\Net Transport\NTIEHelper.dll - {C56CB6B0-0D96-11D6-8C65-B2868B609932}


EDIT

Download Accelerator Program i use lol which has Spwyare thats what the NTIEHelper.dll is
 
Yes Paul, don't remove those. What does need to be removed however is:

1)

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[svchost]
= c:\windows\system\winlogon.exe

Winlogon does not reside in \system and Winlogon does not exist as a run entry.

Need to isolate the file and check it.

2)
ContentService = C:\WINDOWS\System32\winservn.exe

ClickSpring Spyware.

If you could remove those then post a HiJackThis Log using the latest download.

http://www.webattack.com/get/hijackthis.html
 
Got rid of winservn with a2/adware yestersday

c:\windows\system\winlogon.exe Cant find that 😕

Tried to get HiJackThis no site seems to be working with the download 😱
 
Thx got it from

http://www.softpedia.com/public/cat/10/17/10-17-69.shtml

They put up some new mirrors which work now
Code:
Logfile of HijackThis v1.97.7
Scan saved at 11:37:54, on 15/02/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
C:\program files\microangelo\muamgr.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Tweak-XP Pro\tranicon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Ericsson\MOBILE~1\DbgOut.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Chandz\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = CHAND
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 6\SnagItBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\Net Transport\NTIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\MSDXM.OCX
O3 - Toolbar: 3DNA Toolbar - {2ECB7FB2-0333-416F-92FD-4904AD49252B} - C:\WINDOWS\system32\3DNATO~1.DLL
O3 - Toolbar: Find - {8D029AEC-E412-4948-84B5-699A740946AE} - %SystemRoot%\System32\iefind.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 6\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [TimerModule] C:\WINDOWS\System32\TimerModule.exe
O4 - HKLM\..\Run: [Desksite CMA] c:\program files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
O4 - HKLM\..\Run: [MOD] c:\program files\microangelo\muamgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
 
Code:
/STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [TransparentIcons] "C:\Program Files\Tweak-XP Pro\tranicon.exe" -ex
O4 - HKCU\..\Run: [PicoZip] C:\PROGRA~1\PicoZip\PicoZipTray.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [StatusDP] "C:\DOCUME~1\Chandz\LOCALS~1\Temp\Rar$EX00.859\dpstatus.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Uptime-Project] C:\Documents and Settings\Chandz\Desktop\client\client.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: DigiGuide.lnk = C:\Program Files\DigiGuide TV Guide\client00.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Convert and Open - C:\PROGRA~1\Camtech\CONVER~1\ConvertIt.htm
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Allow personal info to reach this site - file://C:\Program Files\GhostSurf\info.allow.html
O8 - Extra context menu item: Allow popups on this site - file://C:\Program Files\GhostSurf\popup.allow.html
O8 - Extra context menu item: Allow this advertisement - file://C:\Program Files\GhostSurf\menu.allowimg.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Block personal info from this site - file://C:\Program Files\GhostSurf\info.block.html
O8 - Extra context menu item: Block popups on this site - file://C:\Program Files\GhostSurf\popup.block.html
O8 - Extra context menu item: Block this advertisement - file://C:\Program Files\GhostSurf\menu.blockimg.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all by Net Transport - C:\PROGRA~1\Xi\NETTRA~1\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\PROGRA~1\Xi\NETTRA~1\NTAddLink.html
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Get Flash by &Arty Flash Ripper - C:\Program Files\Softdigger\FlashRipper\IEMenu.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: GhostSurf Privacy Center (HKLM)
O9 - Extra 'Tools' menuitem: GhostSurf Privacy Center (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - [url]http://download.games.yahoo.com/games/clients/y/potc_x.cab[/url]
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - [url]http://www.apple.com/qtactivex/qtplugin.cab[/url]
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - [url]http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB[/url]
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - [url]http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[/url]
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - [url]http://www.pcpitstop.com/internet/pcpConnCheck.cab[/url]
O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - [url]http://fdl.msn.com/public/chat/msnchat41.cab[/url]
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - [url]http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab[/url]
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - [url]http://download.yahoo.com/dl/installs/yinst.cab[/url]
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - [url]http://www.cult3d.com/download/cult.cab[/url]
O16 - DPF: {405B09E4-BBDA-4564-989E-15DE26B416EA} (EricClient Class) - [url]http://www.gsmserver.com/info/EricControl.cab[/url]
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - [url]http://a1540.g.akamai.net/7/1540/52/20020124/qtinstall.info.apple.com/qt505/uk/win/QuickTimeInstaller.exe[/url]
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - [url]http://www.imagestation.com/common/classes/BPImageEditor.cab?ver=1,1,0,30[/url]
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - [url]http://www.ea.com/downloads/games/common/snoopy/iesnoopy.cab[/url]
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - [url]http://207.188.7.150/26d72d4f2b0237512819/netzip/RdxIE2.cab[/url]
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} - [url]http://www.imagestation.com/common/classes/batchdwnl.cab?version=4,3,2,20802[/url]
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - [url]http://appdirectory.messenger.msn-int.com/AppDirectory/P4Apps/FileSharing/en/fsmsngr_en.dll[/url]
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - [url]http://216.249.24.140/code/PWActiveXImgCtl.CAB[/url]
O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} - [url]http://www.gigex.com/tv/igor/gigexagent.dll[/url]
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - [url]http://launch.gamespyarcade.com/software/launch/alaunch.cab[/url]
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [url]http://a840.g.akamai.net/7/840/537/80a25dd3ec062c/housecall.antivirus.com/housecall/xscan53.cab[/url]
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - [url]http://fdl.msn.com/public/chat/msnchat42.cab[/url]
O16 - DPF: {83B67220-025C-416C-8049-398E12764B36} (Flo2_L2 Control) - [url]http://www.nokiagame.com/games/2K1E4R5Vem5ui1Sw1Wyas/flo2_l2.cab[/url]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_03) - 
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - [url]http://www.installengine.com/engine/isetup.cab[/url]
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [url]http://www.pandasoftware.com/activescan/as/asinst.cab[/url]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - [url]http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37616.3919097222[/url]
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - [url]http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll[/url]
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - [url]http://www.wildtangent.com/install/wdriver/sportsgames/nikefootball/nike/wtinst.cab[/url]
O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} (Mophun Control) - [url]http://www.mophun.com/codebase/mophun.cab[/url]
O16 - DPF: {BF5E26B7-7087-4C2D-B0BA-0098F7CBED6B} (LiveX(5.3.0.0) Control) - [url]http://canasta.no-ip.com/cab/Live.cab[/url]
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - [url]http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab[/url]
O16 - DPF: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_02) - 
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) - 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url]http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[/url]
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - [url]http://fdl.msn.com/public/chat/msnchat4.cab[/url]
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - [url]http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab[/url]
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - [url]http://sea1fd.sea1.hotmail.msn.com/activex/HMAtchmt.ocx[/url]
 
Code:
StartupList report, 15/02/2004, 11:46:17
StartupList version: 1.52
Started from : C:\Documents and Settings\Chandz\Desktop\hijackthis\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
C:\program files\microangelo\muamgr.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Tweak-XP Pro\tranicon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Ericsson\MOBILE~1\DbgOut.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Chandz\Desktop\hijackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Chandz\Start Menu\Programs\Startup]
DigiGuide.lnk = C:\Program Files\DigiGuide TV Guide\client00.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

--------------------------------------------------
 
Code:
Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CloneCDElbyCDFL = "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
TimerModule = C:\WINDOWS\System32\TimerModule.exe
Desksite CMA = c:\program files\desksite\bin\cma.exe
MessengerPlus2 = "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
Zone Labs Client = C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
MOD = c:\program files\microangelo\muamgr.exe
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
AVG_CC = C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
WinampAgent = C:\Program Files\Winamp\winampa.exe
PestPatrol Control Center = C:\Program Files\PestPatrol\PPControl.exe
PPMemCheck = C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

IDMan = C:\Program Files\Internet Download Manager\IDMan.exe /onboot
TransparentIcons = "C:\Program Files\Tweak-XP Pro\tranicon.exe" -ex
Tweak-XP = 
PicoZip = C:\PROGRA~1\PicoZip\PicoZipTray.exe
CursorXP = C:\Program Files\CursorXP\CursorXP.exe
MessengerPlus2 = "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
StatusDP = "C:\DOCUME~1\Chandz\LOCALS~1\Temp\Rar$EX00.859\dpstatus.exe"
ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
Uptime-Project = C:\Documents and Settings\Chandz\Desktop\client\client.exe
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[svchost]
 = c:\windows\system\winlogon.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\TechSmith\SnagIt 6\SnagItBHO.dll - {00C6482D-C502-44C8-8409-FCE54AD9C208}
(no name) - C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\PROGRA~1\FlashGet\jccatch.dll - {A5366673-E8CA-11D3-9CD9-0090271D075B}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\Xi\Net Transport\NTIEHelper.dll - {C56CB6B0-0D96-11D6-8C65-B2868B609932}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\WINDOWS\System32\QTPlugin.ocx
CODEBASE = [url]http://www.apple.com/qtactivex/qtplugin.cab[/url]

[sys Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PCPitStop.dll
CODEBASE = [url]http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB[/url]

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = [url]http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[/url]

[iCC Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\pcpConnCheck.dll
CODEBASE = [url]http://www.pcpitstop.com/internet/pcpConnCheck.cab[/url]

[{29C13B62-B9F7-4CD3-8CEF-0A58A1A99441}]
CODEBASE = [url]http://fdl.msn.com/public/chat/msnchat41.cab[/url]

[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
CODEBASE = [url]http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab[/url]

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
CODEBASE = [url]http://download.yahoo.com/dl/installs/yinst.cab[/url]

[Cult3D ActiveX Player]
InProcServer32 = C:\WINDOWS\System32\Cult3D\IECult.dll
CODEBASE = [url]http://www.cult3d.com/download/cult.cab[/url]

[EricClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\EricControl.dll
CODEBASE = [url]http://www.gsmserver.com/info/EricControl.cab[/url]

[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = [url]http://a1540.g.akamai.net/7/1540/52/20020124/qtinstall.info.apple.com/qt505/uk/win/QuickTimeInstaller.exe[/url]

[Pixami Image Editor Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\BPIMAG~1.OCX
CODEBASE = [url]http://www.imagestation.com/common/classes/BPImageEditor.cab?ver=1,1,0,30[/url]

[{525A15D0-4938-11D4-94C7-0050DA20189B}]
CODEBASE = [url]http://www.ea.com/downloads/games/common/snoopy/iesnoopy.cab[/url]

[{56336BCB-3D8A-11D6-A00B-0050DA18DE71}]
CODEBASE = [url]http://207.188.7.150/26d72d4f2b0237512819/netzip/RdxIE2.cab[/url]

[{5E943D9C-F8DC-4258-8E3F-A61BB3405A33}]
CODEBASE = [url]http://www.imagestation.com/common/classes/batchdwnl.cab?version=4,3,2,20802[/url]

[FileSharingCtrl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\fsmsngr_en.dll
CODEBASE = [url]http://appdirectory.messenger.msn-int.com/AppDirectory/P4Apps/FileSharing/en/fsmsngr_en.dll[/url]

[PWMediaSendControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PWActiveXImgCtl.dll
CODEBASE = [url]http://216.249.24.140/code/PWActiveXImgCtl.CAB[/url]

[{6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2}]
CODEBASE = [url]http://www.gigex.com/tv/igor/gigexagent.dll[/url]

[GSDACtl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\gsda.dll
CODEBASE = [url]http://launch.gamespyarcade.com/software/launch/alaunch.cab[/url]

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = [url]http://a840.g.akamai.net/7/840/537/80a25dd3ec062c/housecall.antivirus.com/housecall/xscan53.cab[/url]

[{7A32634B-029C-4836-A023-528983982A49}]
CODEBASE = [url]http://fdl.msn.com/public/chat/msnchat42.cab[/url]

[Flo2_L2 Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\NG03_F~1.OCX
CODEBASE = [url]http://www.nokiagame.com/games/2K1E4R5Vem5ui1Sw1Wyas/flo2_l2.cab[/url]

[Java Plug-in 1.4.0_03]
InProcServer32 = C:\Program Files\Java\j2re1.4.0_03\bin\npjpi140_03.dll

[InstallShield International Setup Player]
InProcServer32 = c:\windows\DOWNLO~1\isetup.dll
CODEBASE = [url]http://www.installengine.com/engine/isetup.cab[/url]

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = [url]http://www.pandasoftware.com/activescan/as/asinst.cab[/url]

[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE = [url]http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37616.3919097222[/url]

[YahooYMailTo Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ymmapi.dll
CODEBASE = [url]http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll[/url]

[WTHoster Class]
InProcServer32 = C:\WINDOWS\wt\webdriver\wthostctl.dll
CODEBASE = [url]http://www.wildtangent.com/install/wdriver/sportsgames/nikefootball/nike/wtinst.cab[/url]

[Mophun Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\mophun.ocx
CODEBASE = [url]http://www.mophun.com/codebase/mophun.cab[/url]

[LiveX(5.3.0.0) Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\LiveX_E.ocx
CODEBASE = [url]http://canasta.no-ip.com/cab/Live.cab[/url]

[Symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = [url]http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab[/url]

[{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}]

[{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}]

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = [url]http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[/url]

[{E87A6788-1D0F-4444-8898-1D25829B6755}]
CODEBASE = [url]http://fdl.msn.com/public/chat/msnchat4.cab[/url]

[Yahoo! Companion]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll
CODEBASE = [url]http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab[/url]

[Hotmail Attachments Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\HMAtchmt.ocx
CODEBASE = [url]http://sea1fd.sea1.hotmail.msn.com/activex/HMAtchmt.ocx[/url]

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: c:\windows\system32\winservn.exe||c:\documents and settings\chandz\cookies\chandz@netshelter.adtrix[2].txt


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 11,968 bytes
Report generated in 0.062 seconds
 
Moderation - Thread Split

From the Startup List log:

Windows NT 'Wininit.ini':

PendingFileRenameOperations: c:\windows\system32\winservn.exe||c:\documents and settings\chandz\cookies\chandz@netshelter.adtrix[2].txt

Remove that, its left over from when you removed winservn.exe.
 
Regarding the two instances of Explorer.exe, look in Folder Options - View - Advanced Settings. Likely you have "Launch folder windows in a seperate process" checked. Means the shell and the file manager functions of explorer each run in its own process. Nothing to worry about.
 
Thanx Enyo (Y) 🙂

Checked ports on 2 sites in the list and both passed 🙂

Yes yoyo thats checked thx just asked to be on the safe side when i saw the other thread
 
paul2-0-0-2 said:
Thanx Enyo (Y) 🙂

Checked ports on 2 sites in the list and both passed 🙂

Yes yoyo thats checked thx just asked to be on the safe side when i saw the other thread

YoYo hit he nail on its perverbial head 🙂 I too run "Folders in a Seperate Process" and often have 2 explorer's running. Winlogon resides in \system32.
 

Members online

No members online now.

Latest profile posts

Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
Any of the SP crew still out there?
Xie Electronic Punk Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. 🙁

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
hello peeps... is been some time since i last came here.
Electronic Punk Sazar Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.

Forum statistics

Threads
62,016
Messages
673,499
Members
5,630
Latest member
REALMTBENJOYER
Back