i have the h91746.exe virus. i have tried may of the things said in these fourms and none of them seem to work. i have rebooted in safe mode and ran a number of spyware programs. none of them seem to work. does anyone have any suggestions?

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified. You can download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of it's on, such as C:\HJT, so that back up copies can be made and not clutter your desktop or other folders and the backup copies of deleted items can be easily located if needed.

Once saved double click HijackThis.exe, and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor at this forum.

Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.

here is the log from hijack this. i hope that you can help me.

Logfile of HijackThis v1.97.7
Scan saved at 7:45:18 PM, on 4/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\TEMP\win75E.tmp.exe
F:\spy wear\HijackThis.exe

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O9 - Extra button: Spyware Doctor (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

You have an old version of Hijack This which doesn't show all the 018 thru 023 items we need to see to locate the bad file. At the link I posted in Response #1 click the button at the green flashing light to get the newest HT version 1.99.

Go to this link and run Kaspersky"s free online scan http://kaspersky.com/kos/english/kavwebscan.html
Click Accept
When the updates are finished downloading, click Next >Scan Settings
Under Scan using the following antivirus database:, select extended
Make sure the Scan Archives and Scan Mail Bases options are selected as well. Click OK
Click My Computer and wait for the scan to finish
Click Save Report As. Under Save as type:, select Text file. Save this log to your Desktop and post a copy of it here

Please download ATF-Cleaner from this link
http://www.atribune.org/content/view/19/2/ by Atribune.

Download Ewido Security Suite then set it up this way Ewido Setup Instructions

Reboot into safe mode by following the directions at this link How To Boot Into Safe Mode

Run AFT Cleaner from safe mode.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Run Ewido from safe mode. When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop.

Please reboot into normal mode and post the ewido log.

Post the new HT log.

The h91746.exe file belongs to Crystalys Media adware. You may need these removal instructions later.

here is the new scan from HJT hopefully this will help witht the problem

Logfile of HijackThis v1.99.1
Scan saved at 1:48:25 PM, on 4/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BitSpirit\BitSpirit.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\TEMP\win72B.tmp.exe
C:\Documents and Settings\compaq\My Documents\Unzipped\hijackthis\HijackThis.exe

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

here is the ewido log as well, but i tried to run the Kaspersky"s free online scan and it wouldnt download i hope that this doesnt make a difference.

ewido anti-malware - Scan report

+ Created on: 3:08:45 PM, 4/5/2006
+ Report-Checksum: AA8FCE92

+ Scan result:

[732] C:\WINDOWS\system32\winzwr32.dll -> Downloader.Small.cml : Cleaned with backup
:mozilla.11:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.12:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.13:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.14:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.15:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.16:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.17:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.18:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.19:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.20:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.21:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.25:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.49:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.50:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.53:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.54:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.55:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.56:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.57:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.58:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.62:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.63:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.65:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.66:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.67:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.68:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.69:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.70:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.71:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.72:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.77:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.78:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.81:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.82:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.83:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.98:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.99:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.100:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.101:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.102:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.103:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.116:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.117:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.118:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.119:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.120:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.121:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.143:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.144:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.145:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.146:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.147:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.169:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.170:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.184:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.185:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.187:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.188:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.190:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.191:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.192:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.193:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.194:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.195:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.199:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.200:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.201:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.202:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.208:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.209:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.210:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.211:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.212:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.213:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.214:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.215:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.216:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.218:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.249:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.250:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.251:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.252:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.253:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.260:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup
:mozilla.274:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.275:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.276:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.277:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.278:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.279:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.292:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.295:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.296:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.297:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.298:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.299:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.300:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.305:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.306:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.308:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.309:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\9unieygr.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\WINDOWS\system32\AdService.dll -> Downloader.Small.cml : Cleaned with backup
C:\WINDOWS\system32\winzwr32.dll -> Downloader.Small.cml : Cleaned with backup

::Report End

Reboot into safe mode. Navigate to C:\Windows\Temp and delete the contents of that folder, not the folder itself.

Run ATF-Cleaner again from safe mode then post a new HT log.

i did what you said and deleted the stuff in the folder and i ran both ATF and HT here is the log.

Logfile of HijackThis v1.99.1
Scan saved at 10:36:07 PM, on 4/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\compaq\My Documents\Unzipped\hijackthis\HijackThis.exe

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1144285605\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

Delete this item with HT and you are clean:

O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)