HJT Log - Winactive.exe & Winhost32.exe

Go to Settings (the gear on top of AdAware) > Tweak > Scanning engine and tick "Unload recognized processes during scanning", then "Cleaning engine" and "Let windows remove files in use at next reboot", then......

Some things to remember while we are working together. Do not run any other tool until instructed to do so! Please do not attach logs or put in code boxes. Tell me about any problems and to LavaSoft

With Best Regards, Nilesh Jain

#14 HJThis (Advanced Member, Volunteer Security Advisor, 4076 posts), posted 19 December 2007 - 08:33 PM

Hi. Nilesh Anytime glad to

Bizman (Thread Starter, joined: Mar 30, 2004, messages: 4)

I have gotten the winactive.exe file and the winhost32.exe file on my machine and they have taken over. Thanks.

Change the Launching programs and files in an IFRAME to Prompt f.

Could you come back here with the results please. Please submit the following files for analysis.

Jotti File Submission:
* Please go to Jotti's malware scan
* Copy and paste the following file path into the "File

This is what made me suspect my mother in law has a trojan or malware running somewhere?

Below is my HijackThis

Salvatore
=======
Logfile of HijackThis v1.99.1
Scan saved at 12:16:43 AM, on 26/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo!

I have to travel overseas after 2 days!!!
Thanks a lot,
Nilesh Jain

Edited by LS CalamityJane, 04 April 2008 - 06:37 PM.

http://security.symantec.com/default.asp?

Tentatively, I'm guessing you're having trouble with the homepage..

Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_20_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Super Ad Blocker Toolbar

After doing this see if your scanner picks it up again.

http://www.trendmicro.com/vinfo/us/threat-encyclopedia/archive/malware/worm_skipi.a

I am running on Windows XP.
Please help,
Thanks,
Nilesh Jain

--------------------------------
Ad-Aware 2007 Log
---------------------------------
Scan mode: Full
Scan time: 00:36:37
Number of objects scanned: 346692
Number of infections found: 239
Critical: 1
Privacy Objects: 238
Infections deleted: 239
Total infections quarantined:

Open Registry Editor.

O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - (no

W32/Agobot-OT is capable of spreading to computers on the local network protected by weak passwords.

http://www.bleepingcomputer.com/forums/t/69723/how-to-remove-deluxecommunications/

o VundoFix backups, if present
o The C:\Deckard folder, if present
o The C:_OtMoveIt folder, if present
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden

Deleting Malware-created AUTORUN.INF/s

Right-click Start then click Search...

Things seem to be working fine.

I have reloaded XP Pro (used repair from the install option on the CD) and gotten most of the security updates from windows reloaded.

The current ref file should read at least 01R277 29.03.2004 or a higher number/later date. Then ........

#5 gringo_pr (Bleepin Gringo, Malware Response Team, 136,771 posts), posted 29 August 2011 - 12:49 PM

Hello I Would

Change the "Save As Type" to "All Files".

It is not a virus, but a program used to stop system processes.

Check those entries I mentioned in Hijackthis and press fix.

It also prevents the system from displaying the general-protection-fault message box, hiding itself from the user should any of its code cause a problem that results in a general-protection-fault error.

Tried spybot S&D and adaware??

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Master at 14:09:16 on 2011-08-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.758.102 [GMT 1:00]
.

Then.....and I know you have both these instructions but this is the way to configure them.

Click once on the Custom Level button.

We have a VERY mixed set of skills, though, so we won't be able to tell you if we see the problem UNTIL you post it.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Double click on combofix.exe & follow the prompts.

Other than that, I think I pretty much concur with the advice of BrownPaper.

Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: Yahoo!

Now click find then find msg.dll, then on the little pop up window, that says killbox file list, press file/create log and a pop up says do you want to create

O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB

Again REEKs of trouble..

Here is what I recovered from the original McAfee file:
10/23/2009 2:15:43 PM "C:\DOCUMENTS AND SETTINGS\MIKE\LOCAL SETTINGS\TEMP\STAT.TMP" "Downloader-BWS,Downloader-BWS" "1"
10/23/2009 2:18:41 PM "C:\DOCUMENTS AND SETTINGS\MIKE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\XQF5EIXH\ST14647[1].EXE" "FakeAlert-DZ,FakeAlert-DZ" "1"
10/23/2009 2:18:46 PM "C:\DOCUMENTS

It is advisable to hide them again after fixing your computer.

Come back with feedback.

Once again, Thanks a lot to you..

And now have a look at these last steps again if there is a problem let us know.

Please take these following steps to help prevent reinfection:
1) Download and install Javacool's SpywareBlaster

http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/
http://www.ravantivirus.com/scan/

Re-boot again.