red x on c: and pos.tmp.files.

Original Message
Name: ronfo
Date: February 21, 2008 at 06:08:21 Pacific
Subject: red x on c: and pos.tmp.files.
OS: win xp pro
CPU/Ram: pentium(R)4 cpu 1.60ghz
Model/Manufacturer: intel
Comment:
Hi all, I am a newb. I have a red x on c: and lots of pos tmp.files, pls help. Thx.





Response Number 1
Name: jabuck
Date: February 21, 2008 at 06:25:03 Pacific
Subject: red x on c: and pos.tmp.files.
Reply:
Go to this link:

Disable Realtime Protection

Follow their directions to disable any realtime protection that you have as it will interfere with the fix by reinstalling the corrupt files.

Please download Atribune's VundoFix.exe from the following site to your desktop:

Vundofix.exe

Double-click VundoFix.exe to run it.

Click the Scan for Vundo button.

Once it's done scanning, click the Remove Vundo button.

You will receive a prompt asking if you want to remove the files, click "yes".

Once you click yes, your desktop will go blank as it starts removing Vundo.

When completed, it will prompt that it will reboot your computer, click "ok".

Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This


1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.



Response Number 2
Name: ronfo
Date: February 21, 2008 at 06:40:00 Pacific
Subject: red x on c: and pos.tmp.files.
Reply:
Thx for reply, here is HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38:13, on 21-2-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {75027e70-ba7a-621b-9854-155f05be6816} - {6186eb50-f551-4589-b126-a7ab07e72057} - C:\WINDOWS\system32\fodhwini.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd....
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/pa...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/as...
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/Sl...
O16 - DPF: {68459DB3-59C9-449D-815B-65F729385C16} (VoiceSecure Control) - http://www.iraqvoice.com/vs243.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/insta...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zyl...
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: auzuosyl - auzuosyl.dll (file missing)
O20 - Winlogon Notify: cbxxyyx - C:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

--
End of file - 7784 bytes



Response Number 3
Name: ronfo
Date: February 21, 2008 at 06:41:44 Pacific
Subject: red x on c: and pos.tmp.files.
Reply:
And here is ComboFix log.
ComboFix 08-02-21 - llll 2008-02-21 12:47:10.1 - NTFSx86
Gestart vanuit: C:\Documents and Settings\llll\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt

[color=red][b]WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !![/b][/color]
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\storageprotector
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\ac
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\em
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\oid
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\user
C:\Documents and Settings\llll\Application Data\storageprotector
C:\Documents and Settings\llll\Application Data\storageprotector\Logs\update.log
C:\Program Files\outlook
C:\setup.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\bcbeg.ini2
C:\WINDOWS\system32\dyrsrkll.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\oiofgptp.ini
C:\WINDOWS\system32\scwcemwa.ini
C:\WINDOWS\Fonts\'

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-01-21 to 2008-02-21 ))))))))))))))))))))))))))))))
.

2008-02-20 18:17 . 2008-02-20 18:17 <DIR> d-------- C:\Program Files\MSN Messenger
2008-02-20 16:51 . 2008-02-20 16:51 <DIR> d-------- C:\VundoFix Backups
2008-02-20 11:45 . 2008-02-20 15:52 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-20 11:27 . 2008-02-20 11:26 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-20 11:25 . 2008-02-20 12:10 <DIR> d-------- C:\Documents and Settings\llll\.housecall6.6
2008-02-16 12:26 . 2008-02-19 13:07 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-16 12:26 . 2008-02-16 12:26 <DIR> d-------- C:\Documents and Settings\llll\Application Data\SUPERAntiSpyware.com
2008-02-16 12:26 . 2008-02-16 12:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-13 14:47 . 2008-02-13 14:47 832 --a------ C:\pos1AB.rar
2008-02-13 12:33 . 2008-02-13 12:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-13 09:48 . 2008-02-13 09:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-13 09:47 . 2008-02-20 15:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-12 20:55 . 2008-02-12 20:55 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-02-12 19:08 . 2008-02-13 08:56 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-02-12 19:08 . 2008-02-12 19:08 <DIR> d-------- C:\Program Files\MSECACHE
2008-02-12 16:33 . 2008-02-12 16:33 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-02-12 16:33 . 2008-02-12 16:33 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-02-12 16:31 . 2008-02-12 16:31 <DIR> d-------- C:\Documents and Settings\llll\Application Data\Sunbelt Software
2008-02-11 18:59 . 2008-02-13 12:27 <DIR> d-------- C:\Documents and Settings\LocalService\Bureaublad
2008-02-11 18:58 . 2008-02-12 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-02-11 18:51 . 2008-02-11 18:51 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-11 18:03 . 2008-02-12 17:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-11 17:41 . 2008-02-11 17:41 <DIR> d--h----- C:\kleaner.tmp
2008-02-11 17:12 . 2008-02-12 13:14 151 --a------ C:\WINDOWS\wininit.ini
2008-02-11 15:28 . 2008-02-11 15:28 <DIR> d-------- C:\Program Files\doc
2008-02-11 14:22 . 2008-02-11 14:22 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-02-04 13:33 . 2008-02-11 08:24 <DIR> d-------- C:\Program Files\AskPBar
2008-02-02 12:28 . 2007-10-11 00:53 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-02 12:28 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-02 12:28 . 2007-07-01 04:36 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-02 12:28 . 2007-10-11 00:53 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-02 12:28 . 2007-10-11 00:53 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-02 12:28 . 2007-10-11 00:53 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-02 12:28 . 2007-10-11 00:53 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-02 12:28 . 2007-10-11 00:53 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-02 12:28 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-02 12:17 . 2006-06-02 20:34 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-21 07:00 --------- d-----w C:\Documents and Settings\llll\Application Data\AVG7
2008-02-20 17:10 --------- d-----w C:\Program Files\Common Files\Real
2008-02-20 16:37 --------- d-----w C:\Program Files\Google
2008-02-13 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-02-13 08:59 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-12 18:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-11 16:34 --------- d-----w C:\Documents and Settings\llll\Application Data\LimeWire
2008-02-05 15:47 --------- d-----w C:\Documents and Settings\llll\Application Data\Paltalk
2008-02-03 14:41 --------- d-----w C:\Program Files\Paltalk Messenger
2008-01-14 20:13 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-13 09:30 --------- d-----w C:\Program Files\BitComet
2008-01-11 16:28 --------- d-----w C:\Program Files\BitDownload
2008-01-10 20:29 --------- d-----w C:\Documents and Settings\llll\Application Data\HP
2008-01-10 20:16 --------- d-----w C:\Program Files\Common Files\HP
2008-01-10 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-01-10 20:14 --------- d-----w C:\Program Files\HP
2008-01-10 20:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-01-08 02:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-06 23:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-06 18:41 --------- d-----w C:\Program Files\Hyves Kwekker
2007-12-26 22:42 --------- d-----w C:\Program Files\Trend Micro
2007-12-26 22:21 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-26 22:20 --------- d-----w C:\Program Files\Windows Live Favorites
2007-12-26 22:15 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-20 21:23 72,264 ----a-w C:\Program Files\setup.exe
2007-12-17 16:23 74,124 ----a-w C:\Program Files\release_notes_kav7.0mp1_en.html
2007-12-07 01:08 662,528 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:42 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
2007-08-02 15:53 536 ----a-w C:\Program Files\setup.reg
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6186eb50-f551-4589-b126-a7ab07e72057}]
C:\WINDOWS\system32\fodhwini.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 18:09 103712]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [ ]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 18:09 103712]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-13 12:33 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-13 12:33 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\auzuosyl]
auzuosyl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxyyx]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^PalStart.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\PalStart.lnk
backup=C:\WINDOWS\pss\PalStart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^PalTalk.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\PalTalk.lnk
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^VersionTrackerPro.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\VersionTrackerPro.lnk
backup=C:\WINDOWS\pss\VersionTrackerPro.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-02-13 12:33 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 09:03 15360 C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 21:34 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IE Privacy Keeper]
C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2003-07-13 01:49 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]
C:\Program Files\outlook\outlook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 16:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=2 (0x2)

R3 SNCP106;PC Camera (6009 CIF);C:\WINDOWS\system32\DRIVERS\sncp106.sys [2002-12-27 17:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\CDStart.Exe
\Shell\Install\Command - E:\Stub.exe

.
Inhoud van de 'Gedeelde Taken' map
"2008-02-21 11:25:00 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 12:58:18
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
r Running Proce
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\SearchIndexer.exe
.
**************************************************************************
.
Voltooingstijd: 2008-02-21 13:04:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-21 12:04:24
.
2008-02-18 23:41:05 --- E O F ---



Response Number 4
Name: jabuck
Date: February 21, 2008 at 07:13:27 Pacific
Subject: red x on c: and pos.tmp.files.
Reply:
Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\pos1AB.rar
C:\WINDOWS\system32\SBRC.dat
C:\WINDOWS\system32\SBFC.dat
C:\kleaner.tmp
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\fodhwini.dll

Driver::
auzuosyl
cbxxyyx

Folder::

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6186eb50-f551-4589-b126-a7ab07e72057}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\auzuosyl]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxyyx]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As". Change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop). If ComboFix does not auto start, click "run".

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Download ATF Cleaner from this link:
ATF Cleaner

Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Base
Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

Post a new Combofix log.


Report Offensive Follow Up For Removal
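
The CFScript in Response 4 removes a Browser Helper Object and two Winlogon Notify keys; the Python sketch below shows how those entries can be picked out of the HijackThis log from Response 2. It is an added example, not part of the thread and not code from HijackThis or ComboFix. The sample lines are copied from the log above; the function names and the three "orphaned target" markers are assumptions of this example.

```python
import re
from collections import namedtuple

# Sample input: a subset of lines copied from the HijackThis log in Response 2.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {75027e70-ba7a-621b-9854-155f05be6816} - {6186eb50-f551-4589-b126-a7ab07e72057} - C:\WINDOWS\system32\fodhwini.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: auzuosyl - auzuosyl.dll (file missing)
O20 - Winlogon Notify: cbxxyyx - C:\WINDOWS\
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

# "<code> - <kind>: <rest>", e.g. "O2 - BHO: ..." or "O20 - Winlogon Notify: ..."
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<kind>[^:]+): (?P<rest>.*)$")
MISSING = "(file missing)"

Entry = namedtuple("Entry", "code kind label target reason")


def classify(target):
    """Return (cleaned_target, reason); reason is None when the target looks intact."""
    if target == "(no file)":
        return "", "no file"
    if target.endswith(MISSING):
        return target[: -len(MISSING)].rstrip(), "file missing"
    if target.endswith("\\"):
        # The entry points at a directory, so no file name was recorded.
        return target, "path has no file name"
    return target, None


def parse(log):
    """Turn HijackThis result lines into Entry tuples; other lines are skipped."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        # The target is the last " - " separated field; lines without that
        # separator (O4 Run values) are kept whole as the target.
        head, _, target = m.group("rest").rpartition(" - ")
        target, reason = classify(target.strip())
        entries.append(Entry(m.group("code"), m.group("kind"), head, target, reason))
    return entries


def orphans(log):
    """Every entry whose target file is missing, absent, or not a file."""
    return [e for e in parse(log) if e.reason]


def review_candidates(log, codes=("O2", "O20")):
    """Orphaned entries limited to the given sections.

    O2 (Browser Helper Objects) and O20 (Winlogon Notify) are DLL load
    points, which is why they are the default here. The result is a list
    to review by hand, not a verdict on any entry.
    """
    return [e for e in orphans(log) if e.code in codes]


if __name__ == "__main__":
    for e in review_candidates(SAMPLE_LOG):
        print(f"{e.code:<4}{e.kind:<16}{e.label} -> {e.target or '-'} [{e.reason}]")
```

On the sample this lists four O2/O20 entries, three of which are the ones the CFScript removes; the orphaned O3 and O23 lines show up only in `orphans()`.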

Response Number 5
Name: ronfo
Date: February 21, 2008 at 07:53:16 Pacific
Subject: red x on c: and pos.tmp.files.
Reply:
Thx for reply, I did what u said, here is ComboFix log again but still red x.
ComboFix 08-02-21 - llll 2008-02-21 16:28:46.2 - NTFSx86
Gestart vanuit: C:\Documents and Settings\llll\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\llll\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

[color=red][b]WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !![/b][/color]

FILE ::
C:\kleaner.tmp
C:\pos1AB.rar
C:\WINDOWS\system32\fodhwini.dll
C:\WINDOWS\system32\SBFC.dat
C:\WINDOWS\system32\SBRC.dat
C:\WINDOWS\system32\vbzip10.dll
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\pos1AB.rar
C:\WINDOWS\system32\SBFC.dat
C:\WINDOWS\system32\SBRC.dat
C:\WINDOWS\system32\vbzip10.dll

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-01-21 to 2008-02-21 ))))))))))))))))))))))))))))))
.

2008-02-21 13:27 . 2008-02-21 13:27 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-21 13:27 . 2008-02-21 13:27 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-21 13:27 . 2008-02-21 13:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-20 18:17 . 2008-02-20 18:17 <DIR> d-------- C:\Program Files\MSN Messenger
2008-02-20 16:51 . 2008-02-20 16:51 <DIR> d-------- C:\VundoFix Backups
2008-02-20 11:45 . 2008-02-20 15:52 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-20 11:27 . 2008-02-20 11:26 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-20 11:25 . 2008-02-20 12:10 <DIR> d-------- C:\Documents and Settings\llll\.housecall6.6
2008-02-16 12:26 . 2008-02-19 13:07 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-16 12:26 . 2008-02-16 12:26 <DIR> d-------- C:\Documents and Settings\llll\Application Data\SUPERAntiSpyware.com
2008-02-16 12:26 . 2008-02-16 12:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-13 12:33 . 2008-02-13 12:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-13 09:48 . 2008-02-13 09:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-13 09:47 . 2008-02-20 15:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-12 20:55 . 2008-02-12 20:55 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-02-12 19:08 . 2008-02-13 08:56 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-02-12 19:08 . 2008-02-12 19:08 <DIR> d-------- C:\Program Files\MSECACHE
2008-02-12 16:31 . 2008-02-12 16:31 <DIR> d-------- C:\Documents and Settings\llll\Application Data\Sunbelt Software
2008-02-11 18:59 . 2008-02-13 12:27 <DIR> d-------- C:\Documents and Settings\LocalService\Bureaublad
2008-02-11 18:58 . 2008-02-12 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-02-11 18:51 . 2008-02-11 18:51 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-11 18:03 . 2008-02-12 17:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-11 17:41 . 2008-02-11 17:41 <DIR> d--h----- C:\kleaner.tmp
2008-02-11 17:12 . 2008-02-12 13:14 151 --a------ C:\WINDOWS\wininit.ini
2008-02-11 15:28 . 2008-02-11 15:28 <DIR> d-------- C:\Program Files\doc
2008-02-04 13:33 . 2008-02-11 08:24 <DIR> d-------- C:\Program Files\AskPBar
2008-02-02 12:28 . 2007-10-11 00:53 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-02 12:28 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-02 12:28 . 2007-07-01 04:36 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-02 12:28 . 2007-10-11 00:53 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-02 12:28 . 2007-10-11 00:53 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-02 12:28 . 2007-10-11 00:53 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-02 12:28 . 2007-10-11 00:53 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-02 12:28 . 2007-10-11 00:53 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-02 12:28 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-02 12:17 . 2006-06-02 20:34 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-21 07:00 --------- d-----w C:\Documents and Settings\llll\Application Data\AVG7
2008-02-20 17:10 --------- d-----w C:\Program Files\Common Files\Real
2008-02-20 16:37 --------- d-----w C:\Program Files\Google
2008-02-13 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-02-13 08:59 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-12 18:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-11 16:34 --------- d-----w C:\Documents and Settings\llll\Application Data\LimeWire
2008-02-05 15:47 --------- d-----w C:\Documents and Settings\llll\Application Data\Paltalk
2008-02-03 14:41 --------- d-----w C:\Program Files\Paltalk Messenger
2008-01-14 20:13 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-13 09:30 --------- d-----w C:\Program Files\BitComet
2008-01-11 16:28 --------- d-----w C:\Program Files\BitDownload
2008-01-10 20:29 --------- d-----w C:\Documents and Settings\llll\Application Data\HP
2008-01-10 20:16 --------- d-----w C:\Program Files\Common Files\HP
2008-01-10 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-01-10 20:14 --------- d-----w C:\Program Files\HP
2008-01-10 20:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-01-08 02:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-06 23:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-06 18:41 --------- d-----w C:\Program Files\Hyves Kwekker
2007-12-26 22:42 --------- d-----w C:\Program Files\Trend Micro
2007-12-26 22:21 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-26 22:20 --------- d-----w C:\Program Files\Windows Live Favorites
2007-12-26 22:15 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-20 21:23 72,264 ----a-w C:\Program Files\setup.exe
2007-12-17 16:23 74,124 ----a-w C:\Program Files\release_notes_kav7.0mp1_en.html
2007-12-07 01:08 662,528 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:42 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
2007-08-02 15:53 536 ----a-w C:\Program Files\setup.reg
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 18:09 103712]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [ ]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 18:09 103712]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-13 12:33 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-13 12:33 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^PalStart.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\PalStart.lnk
backup=C:\WINDOWS\pss\PalStart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^PalTalk.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\PalTalk.lnk
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^VersionTrackerPro.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\VersionTrackerPro.lnk
backup=C:\WINDOWS\pss\VersionTrackerPro.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-02-13 12:33 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 09:03 15360 C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 21:34 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IE Privacy Keeper]
C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2003-07-13 01:49 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 16:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=2 (0x2)

R3 SNCP106;PC Camera (6009 CIF);C:\WINDOWS\system32\DRIVERS\sncp106.sys [2002-12-27 17:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\CDStart.Exe
\Shell\Install\Command - E:\Stub.exe

.
Inhoud van de 'Gedeelde Taken' map
"2008-02-21 15:25:00 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 16:32:02
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-02-21 16:33:26
ComboFix-quarantined-files.txt 2008-02-21 15:33:04
ComboFix2.txt 2008-02-21 12:04:30
.
2008-02-18 23:41:05 --- E O F ---




Response Number 6
Name: ronfo
Date: February 21, 2008 at 09:03:03 Pacific
Subject: red x on c: and pos.tmp.files.
Reply:
Here is the Kaspersky scan, thx again.

---------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, February 21, 2008 6:00:35 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/02/2008
Kaspersky Anti-Virus database records: 574456
---------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 38244
Number of viruses found: 4
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 01:10:01

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.114.Crwl Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.114.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.ci Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wsb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy145.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_178.dat Object is locked skipped
C:\Documents and Settings\llll\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\llll\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\llll\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\llll\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\llll\Local Settings\Geschiedenis\History.IE5\MSHist012008022120080222\index.dat Object is locked skipped
C:\Documents and Settings\llll\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\llll\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\llll\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{1958C4C3-B12E-41C0-B12B-E458928FC9E8}\RP168\A0034303.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
C:\System Volume Information\_restore{1958C4C3-B12E-41C0-B12B-E458928FC9E8}\RP173\A0034681.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
C:\System Volume Information\_restore{1958C4C3-B12E-41C0-B12B-E458928FC9E8}\RP173\A0034702.com Object is locked skipped
C:\System Volume Information\_restore{1958C4C3-B12E-41C0-B12B-E458928FC9E8}\RP173\A0034706.exe Infected: not-a-virus:AdWare.Win32.Agent.zk skipped
C:\System Volume Information\_restore{1958C4C3-B12E-41C0-B12B-E458928FC9E8}\RP173\A0034710.exe Object is locked skipped
C:\System Volume Information\_restore{1958C4C3-B12E-41C0-B12B-E458928FC9E8}\RP173\A0034711.exe Object is locked skipped
C:\System Volume Information\_restore{1958C4C3-B12E-41C0-B12B-E458928FC9E8}\RP173\A0034716.exe Object is locked skipped
C:\System Volume Information\_restore{1958C4C3-B12E-41C0-B12B-E458928FC9E8}\RP175\A0035685.exe Object is locked skipped
C:\System Volume Information\_restore{1958C4C3-B12E-41C0-B12B-E458928FC9E8}\RP175\A0036685.exe Object is locked skipped
C:\System Volume Information\_restore{1958C4C3-B12E-41C0-B12B-E458928FC9E8}\RP175\A0036715.exe Object is locked skipped
C:\System Volume Information\_restore{1958C4C3-B12E-41C0-B12B-E458928FC9E8}\RP175\A0038803.exe Object is locked skipped
C:\System Volume Information\_restore{1958C4C3-B12E-41C0-B12B-E458928FC9E8}\RP176\A0039921.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{1958C4C3-B12E-41C0-B12B-E458928FC9E8}\RP177\A0041158.exe Object is locked skipped
C:\System Volume Information\_restore{1958C4C3-B12E-41C0-B12B-E458928FC9E8}\RP179\A0042475.exe Infected: not-a-virus:FraudTool.Win32.SysKontroller.b skipped
C:\System Volume Information\_restore{1958C4C3-B12E-41C0-B12B-E458928FC9E8}\RP187\A0046518.dll Object is locked skipped
C:\System Volume Information\_restore{1958C4C3-B12E-41C0-B12B-E458928FC9E8}\RP197\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\etc\Hosts.bak Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.



Response Number 7
Name: jabuck
Date: February 21, 2008 at 10:07:33 Pacific
Subject: red x on c: and pos.tmp.files.
Reply:
Looks like the only infections are locked in the restore folder.

Empty the restore folder. Go to Start > Control Panel > System > System Restore tab > check the box beside "Turn off System Restore" > Apply (takes a minute) > OK. Go back and uncheck the box to turn System Restore back on > Apply > OK.

Empty the recycle bin, then your computer should be clean.

How is the computer operating?


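The triage behind Response 7, as an added example that is not part of the thread: it parses result lines in the format of the Kaspersky Online Scanner report above, groups detections by System Restore point, and checks whether any detection lies outside the restore folder. The function names and the executable-extension list are assumptions made for this example; the sample lines are copied from the report as posted.

```python
import re
from collections import defaultdict

# Result lines copied from the report posted above.
# Format as it appears there: "<path> <status> <last action>".
REPORT_EXCERPT = r"""
C:\Documents and Settings\llll\NTUSER.DAT Object is locked skipped
C:\System Volume Information\_restore{1958C4C3-B12E-41C0-B12B-E458928FC9E8}\RP168\A0034303.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
C:\System Volume Information\_restore{1958C4C3-B12E-41C0-B12B-E458928FC9E8}\RP173\A0034681.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
C:\System Volume Information\_restore{1958C4C3-B12E-41C0-B12B-E458928FC9E8}\RP173\A0034702.com Object is locked skipped
C:\System Volume Information\_restore{1958C4C3-B12E-41C0-B12B-E458928FC9E8}\RP173\A0034706.exe Infected: not-a-virus:AdWare.Win32.Agent.zk skipped
C:\System Volume Information\_restore{1958C4C3-B12E-41C0-B12B-E458928FC9E8}\RP176\A0039921.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{1958C4C3-B12E-41C0-B12B-E458928FC9E8}\RP179\A0042475.exe Infected: not-a-virus:FraudTool.Win32.SysKontroller.b skipped
C:\System Volume Information\_restore{1958C4C3-B12E-41C0-B12B-E458928FC9E8}\RP197\change.log Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""

# Paths contain spaces, so the path is matched lazily and the status and
# last action are anchored to the end of the line.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?:Infected: (?P<verdict>\S+)|Object is locked) "
    r"(?P<action>\w+)$"
)

# System Restore keeps its copies under _restore{GUID}\RPnnn\ on each volume.
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(?P<rp>RP\d+)\\",
    re.IGNORECASE,
)

# Assumption for this example: extensions treated as executable content.
EXECUTABLE_EXT = (".exe", ".dll", ".com", ".sys", ".scr")


def parse_report(text):
    """Return one dict per result line; any other line is ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(
                {"path": m["path"], "verdict": m["verdict"], "action": m["action"]}
            )
    return entries


def triage(entries):
    """Split detections into restore-point copies and everything else."""
    by_restore_point = defaultdict(list)
    elsewhere = []
    unscanned = []
    for e in entries:
        rp = RESTORE_RE.match(e["path"])
        if e["verdict"]:
            if rp:
                filename = e["path"].rsplit("\\", 1)[1]
                by_restore_point[rp["rp"]].append((filename, e["verdict"]))
            else:
                elsewhere.append(e["path"])
        elif rp and e["path"].lower().endswith(EXECUTABLE_EXT):
            # Locked means the scanner could not read it: unknown, not clean.
            unscanned.append(e["path"])
    infected = [e for e in entries if e["verdict"]]
    return {
        "infected_objects": len(infected),
        "distinct_verdicts": len({e["verdict"] for e in infected}),
        "by_restore_point": dict(by_restore_point),
        "infected_elsewhere": elsewhere,
        "unscanned_restore_executables": unscanned,
        "only_in_restore": bool(infected) and not elsewhere,
    }


if __name__ == "__main__":
    result = triage(parse_report(REPORT_EXCERPT))
    for rp, hits in sorted(result["by_restore_point"].items()):
        for filename, verdict in hits:
            print(f"{rp}  {filename}  {verdict}")
    print("detections outside restore folder:", result["infected_elsewhere"])
    print("locked executables in restore points:",
          len(result["unscanned_restore_executables"]))
    print("only in restore folder:", result["only_in_restore"])
```

Entries marked "Object is locked" were skipped rather than scanned, so the parser reports locked executables inside restore points separately instead of counting them as clean.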

Response Number 8
Name: ronfo
Date: February 21, 2008 at 10:25:19 Pacific
Subject: red x on c: and pos.tmp.files.
Reply:
Thx jab, but still red x on c:


Response Number 9
Name: jabuck
Date: February 21, 2008 at 10:43:56 Pacific
Subject: red x on c: and pos.tmp.files.
Reply:
This should fix the red X.

Go to start> run> type in notepad > ok. Copy paste the following into notepad making [autorun] the very top line:

[autorun]

ICON=C:\WINDOWS\SYSTEM\SHELL32.DLL,8

Click "save as"> then using the drop down arrow on the far right of the "save in" window select Local Disk C: to be displayed in the "save in" window.

Next type "C:\autorun.inf" (you must use the quotes) in the file name window> click save.

Restart the computer.



Response Number 10
Name: ronfo
Date: February 22, 2008 at 00:43:25 Pacific
Subject: red x on c: and pos.tmp.files.
Reply:
Hi jab, thx again. I did it but I still have adware, so I bought Norton 360, but when I try to install it I have a problem with Microsoft Installer. Thx again.


Response Number 11
Name: jabuck
Date: February 22, 2008 at 10:15:21 Pacific
Subject: red x on c: and pos.tmp.files.
Reply:
Please go to Virus Total and upload the following files for analysis:


C:\Program Files\setup.exe
C:\Program Files\setup.reg


Post the results in your reply.



Response Number 12
Name: ronfo
Date: February 23, 2008 at 02:14:32 Pacific
Subject: red x on c: and pos.tmp.files.
Reply:
Thx, here it is.
Antivirus Versie Laatst geüpdatet Resultaat
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - Heuristic: Suspicious File With Bad Child Associations
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Extra informatie
MD5: c7741300b77e2b86caf2dae69b850d50
SHA1: 1a84825ad82b3d8bf73b18fadb2045670519aca8
SHA256: 8b3b75585a776f283d65aef6c9972e4f241d5a83c97c925d9551174dbcf182c1
SHA512: eb01fa41b399f6b5fe715dd15d4493bfd218a08657c4c267af3c1e4c7f347da2398c7521a79c33e778d6b680e2829d58a331f1c411d8b8a2e02373876e330345



Response Number 13
Name: jabuck
Date: February 23, 2008 at 07:00:40 Pacific
Subject: red x on c: and pos.tmp.files.
Reply:
Go to the following link and download the windows 3.1 installer:

http://www.softwarepatch.com/windows/wininstallnt.html

Then see if you can install your software.



Response Number 14
Name: ronfo
Date: February 24, 2008 at 06:27:16 Pacific
Subject: red x on c: and pos.tmp.files.
Reply:
Still not. Thx for reply.


Response Number 15
Name: jabuck
Date: February 24, 2008 at 16:08:18 Pacific
Subject: red x on c: and pos.tmp.files.
Reply:
I don't use Norton's but I think I see the problem. From your original Hijack This log, Norton's is already installed on the computer. I'm mostly sure that it will have to be removed before it can be reinstalled.

Run Hijack This> click "open the misc. tools section"> click "open uninstall manager"> save list> copy/paste the list created and post it please. This will let us see if it is installed.

Either way the registry may have to be cleaned before it will install.



Response Number 16
Name: ronfo
Date: February 26, 2008 at 00:53:13 Pacific
Subject: red x on c: and pos.tmp.files.
Reply:
Once again thx for the reply. Here is the hijack log.

Ahead Nero Burning ROM
AVG 7.5
Beveiligingsupdate for Windows XP (KB923689)
Beveiligingsupdate for Windows XP (KB941569)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB942615)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB944533)
Beveiligingsupdate voor Windows Media Player (KB911564)
Beveiligingsupdate voor Windows Media Player 11 (KB936782)
Beveiligingsupdate voor Windows Media Player 6.4 (KB925398)
Beveiligingsupdate voor Windows Media Player 9 (KB936782)
Beveiligingsupdate voor Windows XP (KB890046)
Beveiligingsupdate voor Windows XP (KB893756)
Beveiligingsupdate voor Windows XP (KB896358)
Beveiligingsupdate voor Windows XP (KB896423)
Beveiligingsupdate voor Windows XP (KB896428)
Beveiligingsupdate voor Windows XP (KB899587)
Beveiligingsupdate voor Windows XP (KB899591)
Beveiligingsupdate voor Windows XP (KB900725)
Beveiligingsupdate voor Windows XP (KB901017)
Beveiligingsupdate voor Windows XP (KB901214)
Beveiligingsupdate voor Windows XP (KB902400)
Beveiligingsupdate voor Windows XP (KB904706)
Beveiligingsupdate voor Windows XP (KB905414)
Beveiligingsupdate voor Windows XP (KB905749)
Beveiligingsupdate voor Windows XP (KB908519)
Beveiligingsupdate voor Windows XP (KB911562)
Beveiligingsupdate voor Windows XP (KB911927)
Beveiligingsupdate voor Windows XP (KB913580)
Beveiligingsupdate voor Windows XP (KB914388)
Beveiligingsupdate voor Windows XP (KB914389)
Beveiligingsupdate voor Windows XP (KB917344)
Beveiligingsupdate voor Windows XP (KB917953)
Beveiligingsupdate voor Windows XP (KB918118)
Beveiligingsupdate voor Windows XP (KB918439)
Beveiligingsupdate voor Windows XP (KB919007)
Beveiligingsupdate voor Windows XP (KB920213)
Beveiligingsupdate voor Windows XP (KB920670)
Beveiligingsupdate voor Windows XP (KB920683)
Beveiligingsupdate voor Windows XP (KB920685)
Beveiligingsupdate voor Windows XP (KB921503)
Beveiligingsupdate voor Windows XP (KB922819)
Beveiligingsupdate voor Windows XP (KB923191)
Beveiligingsupdate voor Windows XP (KB923414)
Beveiligingsupdate voor Windows XP (KB923980)
Beveiligingsupdate voor Windows XP (KB924270)
Beveiligingsupdate voor Windows XP (KB924496)
Beveiligingsupdate voor Windows XP (KB924667)
Beveiligingsupdate voor Windows XP (KB925902)
Beveiligingsupdate voor Windows XP (KB926255)
Beveiligingsupdate voor Windows XP (KB926436)
Beveiligingsupdate voor Windows XP (KB927779)
Beveiligingsupdate voor Windows XP (KB927802)
Beveiligingsupdate voor Windows XP (KB928255)
Beveiligingsupdate voor Windows XP (KB928843)
Beveiligingsupdate voor Windows XP (KB929123)
Beveiligingsupdate voor Windows XP (KB930178)
Beveiligingsupdate voor Windows XP (KB931261)
Beveiligingsupdate voor Windows XP (KB931784)
Beveiligingsupdate voor Windows XP (KB932168)
Beveiligingsupdate voor Windows XP (KB933729)
Beveiligingsupdate voor Windows XP (KB935839)
Beveiligingsupdate voor Windows XP (KB935840)
Beveiligingsupdate voor Windows XP (KB936021)
Beveiligingsupdate voor Windows XP (KB937894)
Beveiligingsupdate voor Windows XP (KB938127)
Beveiligingsupdate voor Windows XP (KB938829)
Beveiligingsupdate voor Windows XP (KB939653)
Beveiligingsupdate voor Windows XP (KB941202)
Beveiligingsupdate voor Windows XP (KB941568)
Beveiligingsupdate voor Windows XP (KB941644)
Beveiligingsupdate voor Windows XP (KB942615)
Beveiligingsupdate voor Windows XP (KB943055)
Beveiligingsupdate voor Windows XP (KB943460)
Beveiligingsupdate voor Windows XP (KB943485)
Beveiligingsupdate voor Windows XP (KB944533)
Beveiligingsupdate voor Windows XP (KB944653)
Beveiligingsupdate voor Windows XP (KB946026)
CCleaner (remove only)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915800)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix voor Windows Media Player 11 (KB939683)
Hotfix voor Windows XP (KB914440)
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Photosmart-camera's 9.0
HP Solution Center 9.0
Hyves Kwekker 1.1b
Kaspersky Online Scanner
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
PaltalkScene
PC Camera (6009 CIF)
Registry Genius v3.0
Security Update for CAPICOM (KB931906)
Spybot - Search & Destroy
SUPERAntiSpyware Professional
Update voor Windows XP (KB894391)
Update voor Windows XP (KB898461)
Update voor Windows XP (KB900485)
Update voor Windows XP (KB904942)
Update voor Windows XP (KB908531)
Update voor Windows XP (KB910437)
Update voor Windows XP (KB911280)
Update voor Windows XP (KB916595)
Update voor Windows XP (KB920872)
Update voor Windows XP (KB922582)
Update voor Windows XP (KB927891)
Update voor Windows XP (KB930916)
Update voor Windows XP (KB933360)
Update voor Windows XP (KB936357)
Update voor Windows XP (KB938828)
Update voor Windows XP (KB942763)
Update voor Windows XP (KB942840)
Update voor Windows XP (KB946627)
Windows Desktop Search 3.01
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Toolbar
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver




Response Number 17
Name: jabuck
Date: February 26, 2008 at 18:54:49 Pacific
Subject: red x on c: and pos.tmp.files.
Reply:
Run Hijack This, close all windows and browsers except Hijack This, place a check to the left of the following items and press "fix checked" (some items may not exist as we are using the old Hijack This log):

O2 - BHO: {75027e70-ba7a-621b-9854-155f05be6816} - {6186eb50-f551-4589-b126-a7ab07e72057} - C:\WINDOWS\system32\fodhwini.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/as...

O20 - Winlogon Notify: auzuosyl - auzuosyl.dll (file missing)

O20 - Winlogon Notify: cbxxyyx - C:\WINDOWS\

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

Exit Hijack This.

Try to install Norton 360; if no luck, do the following.

Navigate to and delete this folder:

C:\Program Files\Common Files\Symantec Shared

Download AVG Free to your desktop but do not install it.

Go offline and uninstall AVG 7.5 from add/remove programs.

Try to install Norton 360; if no luck, install AVG Free, go online and update AVG Free, then contact Norton.


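The fix list in Response Number 17 mixes entries whose target file is already gone ("(file missing)" / "(no file)") with entries that still point at a file on disk. As an added example that is not part of the original posts, the Python sketch below parses HijackThis-style lines, labels the section codes used in that reply, and separates the orphaned references from the rest; the sample lines are copied from the reply, and the function and variable names are this example's own.

```python
import re

# Meaning of the HijackThis section codes that appear in the reply above.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "autostart entry (Run key / Startup folder)",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O20": "Winlogon Notify / AppInit_DLLs",
    "O23": "Windows service",
}

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<detail>.*)$")
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Sample input: a subset of the lines quoted in Response Number 17.
SAMPLE_LOG = r"""
O2 - BHO: {75027e70-ba7a-621b-9854-155f05be6816} - {6186eb50-f551-4589-b126-a7ab07e72057} - C:\WINDOWS\system32\fodhwini.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/as...
O20 - Winlogon Notify: auzuosyl - auzuosyl.dll (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
"""

def parse_log(text):
    """Return one dict per recognised HijackThis entry line."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # blank lines, headers, prose between entries
        detail = m["detail"]
        entries.append({
            "code": m["code"],
            "section": SECTIONS.get(m["code"], "other"),
            "kind": m["kind"],
            "orphaned": bool(ORPHAN.search(detail)),  # registry reference, no file
            "clsids": CLSID.findall(detail),
            "detail": detail,
        })
    return entries

def orphans(entries):
    """Entries HijackThis itself marked as pointing at a missing file."""
    return [e for e in entries if e["orphaned"]]

if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        tag = "ORPHANED" if e["orphaned"] else "file ref "
        print(f'{tag} {e["code"]:>3} {e["section"]}: {e["detail"][:60]}')
```
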

Response Number 18
Name: ronfo
Date: February 27, 2008 at 03:28:19 Pacific
Subject: red x on c: and pos.tmp.files.
Reply:
How do I go offline? Thx.


Response Number 19
Name: jabuck
Date: February 27, 2008 at 14:12:43 Pacific
Subject: red x on c: and pos.tmp.files.
Reply:
Disconnect from the internet.





The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net, LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.

All content ©1996-2007 Computing.Net, LLC