09-Nov-2009, 06:42 PM
Trojan.Hupigon-2003 and Worm.Autorun-2190

Hello, I recently did a scan of my computer using ClamWin and came across these two entries. Nothing strange has happened that I noticed, but I still don't like having trojans on my computer. Any help you could give would be greatly appreciated. Here is the initial ClamWin log followed by the HijackThis log.

Scan Started Sat Nov 07 12:56:51 2009
-------------------------------------------------------------------------------
C:\Boot\BCD: Permission denied
C:\hiberfil.sys: Permission denied
C:\pagefile.sys: Permission denied
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ef1b66b25c491ea31bde72145a06a08d_1132e34e-1741-4a62-b6de-0e7ee1288625: Permission denied
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb: Permission denied
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Permission denied
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\ef1b66b25c491ea31bde72145a06a08d_1132e34e-1741-4a62-b6de-0e7ee1288625: Permission denied
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb: Permission denied
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb: Permission denied
C:\Users\Bugmanz\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1: Permission denied
C:\Users\Bugmanz\AppData\Local\Microsoft\Windows Defender\FileTracker\C3CBA552-8ACC-40D6-97FE-CEC6C346B9FE: Permission denied
C:\Users\Bugmanz\ntuser.dat.LOG1: Permission denied
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1: Permission denied
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1: Permission denied
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0: Permission denied
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0: Permission denied
C:\Windows\System32\catroot2\127D0A1D-4EF2-11D1-8608-00C04FC295EE\catdb: Permission denied
C:\Windows\System32\catroot2\F750E6C3-38EE-11D1-85E5-00C04FC295EE\catdb: Permission denied
C:\Windows\System32\config\COMPONENTS: Permission denied
C:\Windows\System32\config\COMPONENTS.LOG1: Permission denied
C:\Windows\System32\config\DEFAULT: Permission denied
C:\Windows\System32\config\DEFAULT.LOG1: Permission denied
C:\Windows\System32\config\RegBack\COMPONENTS: Permission denied
C:\Windows\System32\config\RegBack\DEFAULT: Permission denied
C:\Windows\System32\config\RegBack\SAM: Permission denied
C:\Windows\System32\config\RegBack\SECURITY: Permission denied
C:\Windows\System32\config\RegBack\SOFTWARE: Permission denied
C:\Windows\System32\config\RegBack\SYSTEM: Permission denied
C:\Windows\System32\config\SAM: Permission denied
C:\Windows\System32\config\SAM.LOG1: Permission denied
C:\Windows\System32\config\SECURITY: Permission denied
C:\Windows\System32\config\SECURITY.LOG1: Permission denied
C:\Windows\System32\config\SOFTWARE: Permission denied
C:\Windows\System32\config\SOFTWARE.LOG1: Permission denied
C:\Windows\System32\config\SYSTEM: Permission denied
C:\Windows\System32\config\SYSTEM.LOG1: Permission denied
C:\Windows\System32\drivers\sptd.sys: Permission denied
C:\Program Files\PowerStrip\PStrap.dll: Trojan.Hupigon-20037 FOUND
C:\Users\Bugmanz\Desktop\desktop.ini: Worm.Autorun-2190 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 646712
Engine version: 0.95.2
Scanned directories: 16676
Scanned files: 188769
Infected files: 2
Data scanned: 66398.08 MB
Data read: 171596.78 MB (ratio 0.39:1)
Time: 6991.481 sec (116 m 31 s)
--------------------------------------
Completed
--------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:35:18 PM, on 11/9/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Program Files\Razer\Tarantula\razerhid.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\nHancer\nHancer.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com/Mothership?...36363639343141
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/Mothership?...36363639343141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com/mothership
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/mothership
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Tarantula] C:\Program Files\Razer\Tarantula\razerhid.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [nHancer] "C:\Program Files\nHancer\nHancer.exe" /tray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com...reqlab_srl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 6839 bytes

Thanks again!