h91746.exe virus

Computing.Net > Forums > Security and Virus > h91746.exe virus

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

h91746.exe virus

Name: beachboysurfer17
Date: April 4, 2006 at 18:39:26 Pacific
OS: windows xp
CPU/Ram: amd athlon 64/ 512 ram
Product: compaq

Comment:

i have the h91746.exe virus. i have tried may of the things said in these fourms and none of them seem to work. i have rebooted in safe mode and ran a number of spyware programs. none of them seem to work. does anyone have any suggestions?

Sponsored Link

Ads by Google

Response Number 1

Name: jabuck
Date: April 4, 2006 at 18:50:19 Pacific

Reply:

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified. You can download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of it's on, such as C:\HJT, so that back up copies can be made and not clutter your desktop or other folders and the backup copies of deleted items can be easily located if needed.
Once saved double click HijackThis.exe, and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor at this forum.
Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.

Response Number 2

Name: beachboysurfer17
Date: April 4, 2006 at 19:46:26 Pacific

Reply:

here is the log from hijack this. i hope that you can help me.
Logfile of HijackThis v1.97.7
Scan saved at 7:45:18 PM, on 4/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\TEMP\win75E.tmp.exe
F:\spy wear\HijackThis.exe
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O9 - Extra button: Spyware Doctor (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Response Number 3

Name: jabuck
Date: April 4, 2006 at 20:14:28 Pacific

Reply:

You have an old version of Hijack This which doesn't show all the 018 thru 023 items we need to see to locate the bad file. At the link I posted in Response #1 click the button at the green flashing light to get the newest HT version 1.99.
Go to this link and run Kaspersky"s free online scan http://kaspersky.com/kos/english/kavwebscan.html
Click Accept
When the updates are finished downloading, click Next >Scan Settings
Under Scan using the following antivirus database:, select extended
Make sure the Scan Archives and Scan Mail Bases options are selected as well. Click OK
Click My Computer and wait for the scan to finish
Click Save Report As. Under Save as type:, select Text file. Save this log to your Desktop and post a copy of it here
Please download ATF-Cleaner from this link
http://www.atribune.org/content/view/19/2/ by Atribune.
Download Ewido Security Suite then set it up this way Ewido Setup Instructions
Reboot into safe mode by following the directions at this link How To Boot Into Safe Mode
Run AFT Cleaner from safe mode.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Run Ewido from safe mode. When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop.
Please reboot into normal mode and post the ewido log.
Post the new HT log.

Response Number 4

Name: DSE
Date: April 5, 2006 at 01:50:06 Pacific

Reply:

The h91746.exe file belongs to Crystalys Media adware. You may need these removal instructions later.

Response Number 5

Name: beachboysurfer17
Date: April 5, 2006 at 13:50:28 Pacific

Reply:

here is the new scan from HJT hopefully this will help witht the problem
Logfile of HijackThis v1.99.1
Scan saved at 1:48:25 PM, on 4/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BitSpirit\BitSpirit.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\TEMP\win72B.tmp.exe
C:\Documents and Settings\compaq\My Documents\Unzipped\hijackthis\HijackThis.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

lexpps.exe hpqwmi.exe r6025 reboot.exe virus	iexplore.exe virus services.exe virus msa.exe virus
See More

Response Number 6

Name: beachboysurfer17
Date: April 5, 2006 at 15:39:07 Pacific

Reply:

here is the ewido log as well, but i tried to run the Kaspersky"s free online scan and it wouldnt download i hope that this doesnt make a difference.

ewido anti-malware - Scan report

+ Created on: 3:08:45 PM, 4/5/2006
+ Report-Checksum: AA8FCE92
+ Scan result:
[732] C:\WINDOWS\system32\winzwr32.dll -> Downloader.Small.cml : Cleaned with backup
:mozilla.11:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.12:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.13:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.14:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.15:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.16:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.17:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.18:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.19:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.20:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.21:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.25:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.49:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.50:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.53:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.54:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.55:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.56:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.57:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.58:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.62:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.63:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.65:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.66:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.67:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.68:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.69:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.70:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.71:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.72:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.77:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.78:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.81:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.82:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.83:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.98:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.99:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.100:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.101:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.102:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.103:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.116:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.117:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.118:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.119:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.120:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.121:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.143:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.144:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.145:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.146:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.147:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.169:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.170:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.184:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.185:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.187:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.188:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.190:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.191:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.192:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.193:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.194:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.195:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.199:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.200:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.201:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.202:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.208:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.209:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.210:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.211:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.212:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.213:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.214:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.215:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.216:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.218:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.249:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.250:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.251:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.252:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.253:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.260:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup
:mozilla.274:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.275:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.276:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.277:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.278:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.279:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.292:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.295:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.296:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.297:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.298:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.299:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.300:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.305:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.306:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.308:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.309:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\WINDOWS\system32\AdService.dll -> Downloader.Small.cml : Cleaned with backup
C:\WINDOWS\system32\winzwr32.dll -> Downloader.Small.cml : Cleaned with backup

::Report End

Response Number 7

Name: jabuck
Date: April 5, 2006 at 18:47:03 Pacific

Reply:

Reboot into safe mode. Navigate to C:\Windows\Temp and delete the contents of that folder, not the folder itself.
Run ATF-Cleaner again from safe mode then post a new HT log.

Response Number 8

Name: beachboysurfer17
Date: April 5, 2006 at 22:47:13 Pacific

Reply:

i did what you said and deleted the stuff in the folder and i ran both ATF and HT here is the log.
Logfile of HijackThis v1.99.1
Scan saved at 10:36:07 PM, on 4/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\compaq\My Documents\Unzipped\hijackthis\HijackThis.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1144285605\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

Response Number 9

Name: jabuck
Date: April 6, 2006 at 03:52:28 Pacific

Reply:

Delete this item with HT and you are clean:
O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)

Sponsored Link

Ads by Google

pop ups or something else...

my windows/temp folder is...

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: h91746.exe virus

h91746.exe cannot get rid of it

Summary

www.computing.net/answers/security/h91746exe-cannot-get-rid-of-it/17862.html

h91746.exe virus?

Summary

www.computing.net/answers/security/h91746exe-virus/18096.html

trojan h91746.exe removal help

Summary

www.computing.net/answers/security/trojan-h91746exe-removal-help/17979.html

From the Geek Dictionary
environment - the surroundings of any living organism,including but not limited to vegeta...

Ask a Question!

Weekly Poll
What do you think of the new preview of Chrome OS?

Poll Finishes In 6 Days.
Discuss in The Lounge
Poll History

Recent Posts
pc powers on but no boot

need mouse

After an XP reinstall, backup drives go RAW

Computer will not boot

Using wireless card

All Awaiting Reply

Tom's News
Woman Tracks Down Club Attacker on Facebook

Geolocation Functions Come to Twitter

New Craigslist Trend: Trade Sex for Rent?

Law Firm Investigates MS Over Xbox Live Bans

Amazon Charges $25 for Palm Pixi and $80 for Pre

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE