HijackThis Logfile

[Guest]

Please take a close look at the following logfile and tell me what I'd need to get rid of. Thanks a lot!


Logfile of HijackThis v1.99.0
Scan saved at 22:46:30, on 30.09.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\COMPAQ\ACLIENT\ACLIENT.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Compaq\Compaq Management Agents\cpqalert.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\WINDOWS\system32\scvhost9.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programme\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Programme\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\PROMon.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\WINDOWS\System32\NMSSvc.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\WinPortrait\wpctrl.exe
C:\WINDOWS\System32\scvhost.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Programme\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\vqvbtbi.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINDOWS\System32\algs.exe
C:\WINDOWS\etb\pokapoka69.exe
C:\WINDOWS\System32\msn9.exe
C:\WINDOWS\System32\wisp.exe
C:\Programme\iPod\bin\iPodService.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Programme\phonostar\ps_agent.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\WinPortrait\floater.exe
C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINDOWS\explorer.exe
C:\Programme\HijackThis\HijackThis.exe
C:\WINDOWS\System32\nokiacheck.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\WINDOWS\blank.mht
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programme\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Programme\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [wR5coS] C:\WINDOWS\vqvbtbi.exe
O4 - HKLM\..\Run: [Fast Home] C:\WINDOWS\system32\svcnvt.exe home
O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\System32\algs.exe
O4 - HKLM\..\Run: [System service69] C:\WINDOWS\etb\pokapoka69.exe
O4 - HKLM\..\Run: [MSN9 Startup] msn9.exe
O4 - HKLM\..\Run: [MCX Update] wisp.exe
O4 - HKLM\..\Run: [Configuration Loader] scvhost.exe
O4 - HKLM\..\Run: [Nokia Check] nokiacheck.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKLM\..\RunServices: [MSN9 Startup] msn9.exe
O4 - HKLM\..\RunServices: [MCX Update] wisp.exe
O4 - HKLM\..\RunServices: [Nokia Check] nokiacheck.exe
O4 - HKLM\..\RunServices: [Configuration Loader] scvhost.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [PhonostarAgent] C:\Programme\phonostar\ps_agent.exe
O4 - HKCU\..\Run: [Nokia Check] nokiacheck.exe
O4 - HKCU\..\Run: [MSN9 Startup] msn9.exe
O4 - HKCU\..\RunServices: [Nokia Check] nokiacheck.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {40BF816B-D862-41B9-9445-ECA36D5F67F9} (Flatcast Viewer 4.12) - http://www.1mal1.com/flatcast/NpFv412.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O23 - Service: Altiris Client-Dienst - Altiris, Inc. - C:\COMPAQ\ACLIENT\ACLIENT.exe
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Compaq Local Alerter - Compaq Computer Corporation - C:\Programme\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent - Compaq Computer Corporation - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Enables Java Support - Unknown - C:\WINDOWS\system32\scvhost9.exe
O23 - Service: Intel® NMS - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Win32Sl - Intel - C:\Programme\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe

[guestolo]

Hi guest, one requirement I ask when you post a hijackthis log
Is that you register to the forum
It's free and a simple process
Afterwards, come back here and post a fresh hijackthis log

[Guest]

Thanks for your reply, guestolo. Although I very much see your point, please understand that I am already registered with too many domains and e-mails and so on, and since I really just have this one question, I believe that registering would overdoing it, also compared to other help sites where I didn't have to register to get my question answered. It's just that it seems quite risky to me to follow the first advice I'm given, since getting rid of the wrong HijackThis entries might have severe consequences. Thus, please let me know whether you'd be so nice and be willing to make an exception here and help me out in this situation, without my having to register right away. I'd very much appreciate that.

In case that you decide to make an exception, here is some additional information: I can't download any more programs or tools, because it's not even booting anymore, so there is no way for me to go online with that PC. I'm at a different PC now, but downloading it on here wouldn't help, and I don't have a CD burner on this PC. The only thing I can still do with the infected system is having it boot in Safe Mode. Whenever I try to boot it regularly, a blue screen comes up for only one second with many lines of information in white font. I took a picture of the screen, so I can read what it says afterwards, and the most important information should be the following: "PAGE_FAULT_IN_NONPAGED_AREA" (listed on one of the upper lines as something like the problem description) and "Technical Information: *** STOP: 0x00000050 (0x82222338, 0x00000000, 0x804E5283, 0x00000000)." Does this information give you, guestolo, or anyone reading this a clear picture of what's going on? Please let me know.

Again, thanks very much in advance, and a special thanks to guestolo, in case that you decide to exempt me from another registration.

[guestolo]

If, in the future, you have problems
I can search your user name and see what we have done in the past

Without registering, you make it impossible to search for "guest"

Sorry I was of no help, you have a few problems that need taken care of
I hate to do this but,
I'll lock this topic

Take care