Hello all, Seems I only have a very small part of this CW problem (left?)in my WinXP. Since several weeks Windows is asking for svchost32.exe after start-up. As far as I can see this is the only effect on my system sofar. FYI: I use Bullguard 3.5 as virus protection and firewall. Ran CWShredder last night and it couln't find any of the files it was looking for and did not find a reason to correct any of the other things it scanned. Any idea how I can get rid of Win asking for this stupid file?

Let's have a look, Download 'Hijack This!'. Unzip, doubleclick HijackThis.exe, and hit "Scan". When the scan is finished, click "Save Log", and copy and paste it in a reply. HijackThis!

Ok Tom41, here we go: Logfile of HijackThis v1.97.3 Scan saved at 14:41:44, on 29-10-2003 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.exe C:\WINDOWS\System32\PackethSvc.exe C:\WINDOWS\System32\drivers\CDAC11BA.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\xcommsvr.exe C:\WINDOWS\explorer.exe C:\WINDOWS\System32\LXSUPMON.exe C:\Program Files\Visual Networks\Assistant Connexion Tiscali IPI 5.5 \France\IPMon32.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Netscape\Netscape 6\Netscp.exe C:\Program Files\FreeRAM XP Pro 1.31.exe C:\Program Files\BullGuard\mgui.exe C:\Program Files\BullGuard\avxlive.exe C:\Program Files\BullGuard\avxnews.exe C:\Program Files\Dialer Tiscali\Dialer.exe C:\Program Files\CompuServe 6.0\wcs2000.exe D:\Program Files\ICQ\Icq.exe C:\WINDOWS\System32\taskmgr.exe C:\WINDOWS\system32\ntvdm.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\Documents and Settings\Wiche\Local Settings\TEMP\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tiscali.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.fr.netscape.com/fr/home/winsearch.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cf.icq.com/cf/2000b/default.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.fr.netscape.com/fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.fr.netscape.com/fr/home/winsearch200.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.fr.netscape.com/fr/home/winsearch.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.fr.netscape.com/fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.fr.netscape.com/fr/home/winsearch.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.fr.netscape.com/keyword/%s R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: CleverHook Class - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\WINDOWS\jeired.dll F0 - system.ini: Shell=explorer.exe svchost32.exe F2 - REG:system.ini: Shell=explorer.exe svchost32.exe O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\WINDOWS\jeired.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - D:\Program Files\FerretBand.dll O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.exe RUN O4 - HKLM\..\Run: [SystemTray] SysTray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape 6\Netscp.exe" -turbo O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\FreeRAM XP Pro 1.31.exe" -win O4 - Global Startup: CompuServe 6.0-werkbalkpictogram.lnk = C:\Program Files\CompuServe 6.0\cstray.exe O4 - Global Startup: BullGuard.lnk = ? O4 - Global Startup: BullGuard Update.lnk = C:\Program Files\BullGuard\avxlive.exe O9 - Extra button: ICQ Pro (HKLM) O9 - Extra 'Tools' menuitem: ICQ (HKLM) O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O9 - Extra button: Yahoo! Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.fr/ O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compuserve.com/chat/RTCChat.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://www.paltalk.com/prod/RegDload.CAB O17 - HKLM\System\CCS\Services\Tcpip\..\{91F175B7-5A15-46B7-B6BC-739CE17A000A}: NameServer = 213.36.80.1

Run HT again and check the following items. Next, close all browser Windows, and have HT 'fix checked'. You Must restart your computer when you're done. R3 - URLSearchHook: CleverHook Class - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\WINDOWS\jeired.dll F0 - system.ini: Shell=explorer.exe svchost32.exe F2 - REG:system.ini: Shell=explorer.exe svchost32.exe O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\WINDOWS\jeired.dll

Tom41 I owe you one!! Followed your advice and finally got rid of this windows request for svchost32.exe Maybe even got rid of more s--- that I didn't notice??? Thanks very much!!