HijackThis Logfile

[Guest]

I keep getting a Cool Web Search start page. Please let me know how I can fix that. Below is the current HijackThis log I just ran. I really appreciate this service and hope to receive a reply shortly. Thanks very much in advance.


Logfile of HijackThis v1.97.7
Scan saved at 00:23:50, on 24.09.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\COMPAQ\ACLIENT\ACLIENT.exe
C:\Programme\Steganos AntiVirus\AVKService.exe
C:\Programme\Steganos AntiVirus\AVKWCtl.exe
C:\Programme\Compaq\Compaq Management Agents\cpqalert.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\atlzm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programme\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Programme\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\PROMon.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\WinPortrait\wpctrl.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\ntno.exe
C:\WINDOWS\System32\dktime.exe
C:\Program Files\Windows SyncroAd\SyncroAd.exe
C:\WINDOWS\System32\nwdxhyk.exe
C:\Dokumente und Einstellungen\Alexander\Anwendungsdaten\raao.exe
C:\WINDOWS\System32\zrlp.exe
C:\Programme\my-playlist\my-playlist.exe
C:\WINDOWS\System32\dktime.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Program Files\Windows SyncroAd\WinSync.exe
C:\Programme\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Programme\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Programme\WinPortrait\floater.exe
C:\Programme\ArtecUSB\ScanPanel\ScnPanel.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Dokumente und Einstellungen\Alexander\Desktop\HijackThis.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {8A5F61F8-BA5C-CA0A-1516-9ABFBA5DB260} - C:\WINDOWS\iexx.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programme\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Programme\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [ntno.exe] C:\WINDOWS\system32\ntno.exe
O4 - HKLM\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [xpjcgc] C:\WINDOWS\System32\nwdxhyk.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [Mpsw] C:\Dokumente und Einstellungen\Alexander\Anwendungsdaten\raao.exe
O4 - HKCU\..\Run: [Tdot] C:\WINDOWS\System32\zrlp.exe
O4 - HKCU\..\Run: [my-playlist] "C:\Programme\my-playlist\my-playlist.exe" /Autostart
O4 - HKCU\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKCU\..\Run: [PowerProf] PowerProf.exe
O4 - HKLM\..\RunOnce: [netxw32.exe] C:\WINDOWS\netxw32.exe
O4 - HKLM\..\RunOnce: [ipxd.exe] C:\WINDOWS\ipxd.exe
O4 - HKLM\..\RunOnce: [ipjl.exe] C:\WINDOWS\ipjl.exe
O4 - HKLM\..\RunOnce: [crlc32.exe] C:\WINDOWS\crlc32.exe
O4 - HKLM\..\RunOnce: [wincq.exe] C:\WINDOWS\wincq.exe
O4 - HKLM\..\RunOnce: [ntre32.exe] C:\WINDOWS\ntre32.exe
O4 - HKLM\..\RunOnce: [apiff.exe] C:\WINDOWS\apiff.exe
O4 - HKLM\..\RunOnce: [sdkys32.exe] C:\WINDOWS\system32\sdkys32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ScanPanel.lnk = C:\Programme\ArtecUSB\ScanPanel\ScnPanel.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...edceabcca450006
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/2000XP/CD...TInc/bridge.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8001.2509606481
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab
O16 - DPF: {D67AC55A-B750-41A4-BEE6-020E017A7996} (IEPlugIn Class) - http://install.cokemusic.de/client/pc/MY-P...LLER_loader.exe

[Guest]

u have a virus as well from ur HJT report.

1 change the (R0) default start page for IE to what u want it- it would normaly be listed as a FQDN (eg www.ft.com) and not as an ip addy (194.234.5.7) etc

2 for all the other addys listed below the first main home page remove the addy entry

3 You have a reference to the Bridge.dll library this is spyware and or a virus delete the entry (if u wish to check it first, put it into google and see what u get)

4 u have BHO`s with no name - i always delete these- they could be from aywhere and doing anythin- the fact that they have no name is suspicious

5 the file nwdxyhk. exe looks like more spyware and from memory is the CWSearch executable -check it out with google

6 If u dont want to mess about with some of these settings email me at [email protected] and I will send U a Program to get rid of CWSearch automaticaly

regards

[guestolo]

If you want to get your computer runnning totally spotless
and no more spyware you must post back with a fresh hijackthis log when we do the first initial cleanup....
For some reason, others think that at FIRST you don't succeed, don't try again
Hmmmm, Not too smart...Let me see, screwed up my comp. in 90 days, please fix it overnight, give your head a shake

Download CWShredder
Save it to desktop
Don't run it yet

ownload and Install the free version of Ad-Aware
After installation-[b/CHECK FOR UPDATES[/b]
Don't run it yet

Set Windows to Show Hidden Files and Folders

RESTART your Computer in SAFE MODE

Find and delete these files or folders if they exist

Close all Windows, including this one
Do another Scan with Hijackthis and put a check next to these entries
and then FIX CHECKED when ALL other windows are closed

C:\WINDOWS\system32\ntno.exe <-- file
C:\WINDOWS\System32\dktime.exe  <--file
C:\WINDOWS\System32\nwdxhyk.exe  <--file
C:\WINDOWS\ipxd.exe <--file
C:\WINDOWS\ipjl.exe --file
C:\WINDOWS\crlc32.exe <--file
C:\WINDOWS\wincq.exe <--file
C:\WINDOWS\ntre32.exe <--file
C:\WINDOWS\apiff.exe <--file
C:\WINDOWS\system32\sdkys32.exe <--file
C:\Dokumente und Einstellungen\Alexander\Anwendungsdaten\raao.exe <--file

Stay in safe mode
Do another Scan with Hijackthis and put a check next to these entries
and then FIX CHECKED when ALL other windows are closed

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

O2 - BHO: (no name) - {8A5F61F8-BA5C-CA0A-1516-9ABFBA5DB260} - C:\WINDOWS\iexx.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll

O4 - HKLM\..\Run: [ntno.exe] C:\WINDOWS\system32\ntno.exe
O4 - HKLM\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [xpjcgc] C:\WINDOWS\System32\nwdxhyk.exe

O4 - HKCU\..\Run: [Mpsw] C:\Dokumente und Einstellungen\Alexander\Anwendungsdaten\raao.exe
O4 - HKCU\..\Run: [Tdot] C:\WINDOWS\System32\zrlp.exe
O4 - HKCU\..\Run: [my-playlist] "C:\Programme\my-playlist\my-playlist.exe" /Autostart
O4 - HKCU\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKCU\..\Run: [PowerProf] PowerProf.exe
O4 - HKLM\..\RunOnce: [netxw32.exe] C:\WINDOWS\netxw32.exe
O4 - HKLM\..\RunOnce: [ipxd.exe] C:\WINDOWS\ipxd.exe
O4 - HKLM\..\RunOnce: [ipjl.exe] C:\WINDOWS\ipjl.exe
O4 - HKLM\..\RunOnce: [crlc32.exe] C:\WINDOWS\crlc32.exe
O4 - HKLM\..\RunOnce: [wincq.exe] C:\WINDOWS\wincq.exe
O4 - HKLM\..\RunOnce: [ntre32.exe] C:\WINDOWS\ntre32.exe
O4 - HKLM\..\RunOnce: [apiff.exe] C:\WINDOWS\apiff.exe
O4 - HKLM\..\RunOnce: [sdkys32.exe] C:\WINDOWS\system32\sdkys32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...edceabcca450006
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/2000XP/CD...TInc/bridge.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {D67AC55A-B750-41A4-BEE6-020E017A7996} (IEPlugIn Class) - http://install.cokemusic.de/client/pc/MY-P...LLER_loader.exe


After you have fix checked and closed Hijackthis
Open up JUST CWShredder and let it FIX all problems

Restart back in Normal Mode
Don't open a browser yet, instead access Internet Options via Control
Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content---Also Reset home page
===Do a DiskCleanup>>START----Run---type in cleanmgr
Ensure that Temp and Temporary Internet Files are checked

Open Ad-Aware
Do a Full system scan----Remove All Critical objects
RESTART your computer to finish the cleaning process

Post back with a Fresh Hijackthis log and let us know how your doing

[Guest]

Thanks for your help, guestolo. I'm aware that fixing anything related to viruses requires patience, and I didn't mean to sound too impatient. In addition to following your advice, I also downloaded AntiVir Personal Edition, which managed to delete over 100 trojan horses. In Safe Mode, I was able to modify the start page to http://www.google.com, which the IE Browser wouldn't allow me to do online. Below is the current log of HijackThis. The O15 entries weren't there before. Do I need to get rid of them? And is there anything else to delete? By the way, the Coke Music thing is fine, and I actually need that, so this is something I downloaded in purpose and isn't malware, so I didn't delete the following two entries:

O4 - HKCU\..\Run: [my-playlist] "C:\Programme\my-playlist\my-playlist.exe" /Autostart
O16 - DPF: {D67AC55A-B750-41A4-BEE6-020E017A7996} (IEPlugIn Class) - http://install.cokemusic.de/client/pc/MY-P...LLER_loader.exe

As far as the rest of the log, I'd very much appreciate any input on how to get complete rid of any spyware. In this particular case, I believe to be dealing with Cool Web Search in combination with Free XXX and dialer-related crap as well. Thanks a lot in advance for any helpful reply.


Logfile of HijackThis v1.98.2
Scan saved at 15:14:48, on 25.09.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\Alexander\Lokale Einstellungen\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programme\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Programme\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [my-playlist] "C:\Programme\my-playlist\my-playlist.exe" /Autostart
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ScanPanel.lnk = C:\Programme\ArtecUSB\ScanPanel\ScnPanel.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {D67AC55A-B750-41A4-BEE6-020E017A7996} (IEPlugIn Class) - http://install.cokemusic.de/client/pc/MY-P...LLER_loader.exe

[guestolo]

Sorry, I wasn't specifically directing that comment at you, the give your head a shake part  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/tongue.gif\' class=\'bbc_emoticon\' alt=\'\' />
I've responded to a couple other logs and posters don't get back with a new log, they
must think it's all done, after the first log

Can you again Redownload the latest version of hijackthis 1.98.2, but this time save it in a permanent folder.
Choose Save to Disk rather than Open

You appeared to of performed a Fresh Scan of Hijackthis in Safe Mode
Can you do one in Normal mode and post a log from that, thanks

[Guest]

guestolo, thanks for replying. Oh, I see, so you meant your comment in a more general way than I took it, so thanks for your clarifying. Well, everything is running fine now, but I'm somewhat confused about a database file called Thumbs that is on my Desktop now and wasn't there before. The icon is blurry, and it somehow appears like a file I shouldn't get rid of. Do you know what that's all about? Please let me know. Other than that, I just ran HijackThis again, this time not in Safe Mode, though, and below is the most recent log. I keep the AntiVir software on all the time, so I should be safe now. What do you think? Any helpful input is appreciated. Thanks!


Logfile of HijackThis v1.98.2
Scan saved at 17:36:01, on 26.09.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\COMPAQ\ACLIENT\ACLIENT.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Compaq\Compaq Management Agents\cpqalert.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programme\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Programme\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\PROMon.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Programme\WinPortrait\wpctrl.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\my-playlist\my-playlist.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\ArtecUSB\ScanPanel\ScnPanel.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\WinPortrait\floater.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Programme\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Programme\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Programme\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programme\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Programme\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [my-playlist] "C:\Programme\my-playlist\my-playlist.exe" /Autostart
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ScanPanel.lnk = C:\Programme\ArtecUSB\ScanPanel\ScnPanel.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {D67AC55A-B750-41A4-BEE6-020E017A7996} (IEPlugIn Class) - http://install.cokemusic.de/client/pc/MY-P...LLER_loader.exe

[guestolo]

Looks fine now, your seeing those faded Icons because you have Windows set to show Hidden files and folders
You should go back and hide them again.......

You have a few Startup entries that can be fixed with Hijackthis, they do NOT need to be running on startup, this is Optional and up to you
But these are considered resource hogs, programs work fine without them

O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE

RESTART your computer
Navigate to
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
Rename realsched.exe>>>>realsched.old

These 2 programs will add extra security when browsing, they don't run in the background---take a look

SpywareBlaster by JavaCool---will block bad ActiveX and malevolent cookies
Install---Check for Updates---Enable all protection
http://www.javacoolsoftware.com/spywareblaster.html

IE-Spyad---IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL + Download link==http://www.bleepingcomputer.com/forums/index.php?showtutorial=53

With both, Check for updates every couple of weeks

If everything is running fine
You should flush out your Restore points
Simply Disable System Restore---Restart your computer --- Enable System Restore
Here's a link to show you how
http://vil.nai.com/vil/SystemHelpDocs/Disa...eSysRestore.htm

Take care http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'\' />