[NolanHoenicke]

ok so like from the beginning. I close my internet and my desktop background is suddenly changed. it is a blue screen that says malicious software has been detected on my computor and a popup comes asking me to install antispyware. im like "yea sure" and look for the cancel button. there is none so i task manager it away. i go into controll panel to change my desktop background but the desktop and screensaver portions are gone. im like WTH. so i google a pic and set it. I load up again the next day and the background changes back again. i go away for a bit and i see an error msg and it restarts my computor. i push the spacebar and realize that its all in the screensaver. my computor has been running slowly. i do an ad-aware scan and once it gets to my registry my computor turns off. i try again, same results. i do a hijackthis scan and find some weird stuff and idk if its good or what. so i see one that says lphcnaoj0ea0p. I havent a clue as to what it is, or some of the other stuff. i cant seem to be able to attatch my log after i saved it so here it is.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:41 PM, on 8/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\lphcnaoj0ea0p.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nolan\Desktop\HiJackThis.exe

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [lphcnaoj0ea0p] C:\WINDOWS\system32\lphcnaoj0ea0p.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1196798691857
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 2800 bytes

[Advertisements]

Hi,

I understand that you need help in order to get rid of the malware that is present on your system - But you need to help us first..
I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!
This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There doubleclick the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThislog.
Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirusscan is not present which should be able to deal with most and prevent further reinfection.

[miekiemoes]

Hi,

I understand that you need help in order to get rid of the malware that is present on your system - But you need to help us first..
I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!
This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There doubleclick the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThislog.
Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirusscan is not present which should be able to deal with most and prevent further reinfection.

[NolanHoenicke]

, see like i have norton 360, BUT IT ISNT SHOWING UP!!!. that might be a problem

ok so im guessing my norton thing ran out. but no warnings ever showed. so i scanned with the free av and it deleted some trojans and viruses so im going to reboot once it finishes and see if everythings fine. dam norton

Edited by NolanHoenicke, 25 August 2008 - 05:04 PM.

[miekiemoes]

Your version of Norton is most probably corrupted. Not sure either if you purchased it.

Anyway, uninstall Norton and install the other Antivirus instead.

You can still install Norton afterwards again (since you can't have more than 1 Antivirus installed), but for now, I suggest Avira.

[NolanHoenicke]

also, regcure and hijackthis both say that lphcnaoj0ea0p is a startup item. should i disable/delete this? because it dosent look good and google dosent know what it is either

i restarted and i got a message saying that a trojan was found in windows32 and i deleted it. BUT my screen still turned blue with the whole YOUR SYSTEM IS INFECTED background. =(

Edited by NolanHoenicke, 25 August 2008 - 05:45 PM.

[miekiemoes]

Hi,

Wouldn't it be an idea to follow my instructions, install Avira and post the log?
Then we can start from there and solve your issue.

[miekiemoes]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.