
Trojan.Hupigon-2003 and Worm.Autorun-2190

Discussion in 'Virus & Other Malware Removal' started by Jarlaxle623, Nov 9, 2009.

  1. Jarlaxle623 (Thread Starter; joined Nov 9, 2009; messages: 1)
    Hello, I recently did a scan of my computer using ClamWin and came across these two entries. Nothing strange has happened that I noticed, but I still don't like having trojans on my computer. Any help you could give would be greatly appreciated. Here is the initial ClamWin log, followed by the HijackThis log.


    Scan Started Sat Nov 07 12:56:51 2009
    -------------------------------------------------------------------------------
    C:\Boot\BCD: Permission denied
    C:\hiberfil.sys: Permission denied
    C:\pagefile.sys: Permission denied
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ef1b66b25c491ea31bde72145a06a08d_1132e34e-1741-4a62-b6de-0e7ee1288625: Permission denied
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb: Permission denied
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Permission denied
    C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\ef1b66b25c491ea31bde72145a06a08d_1132e34e-1741-4a62-b6de-0e7ee1288625: Permission denied
    C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb: Permission denied
    C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb: Permission denied
    C:\Users\Bugmanz\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1: Permission denied
    C:\Users\Bugmanz\AppData\Local\Microsoft\Windows Defender\FileTracker\C3CBA552-8ACC-40D6-97FE-CEC6C346B9FE: Permission denied
    C:\Users\Bugmanz\ntuser.dat.LOG1: Permission denied
    C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1: Permission denied
    C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1: Permission denied
    C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0: Permission denied
    C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0: Permission denied
    C:\Windows\System32\catroot2\127D0A1D-4EF2-11D1-8608-00C04FC295EE\catdb: Permission denied
    C:\Windows\System32\catroot2\F750E6C3-38EE-11D1-85E5-00C04FC295EE\catdb: Permission denied
    C:\Windows\System32\config\COMPONENTS: Permission denied
    C:\Windows\System32\config\COMPONENTS.LOG1: Permission denied
    C:\Windows\System32\config\DEFAULT: Permission denied
    C:\Windows\System32\config\DEFAULT.LOG1: Permission denied
    C:\Windows\System32\config\RegBack\COMPONENTS: Permission denied
    C:\Windows\System32\config\RegBack\DEFAULT: Permission denied
    C:\Windows\System32\config\RegBack\SAM: Permission denied
    C:\Windows\System32\config\RegBack\SECURITY: Permission denied
    C:\Windows\System32\config\RegBack\SOFTWARE: Permission denied
    C:\Windows\System32\config\RegBack\SYSTEM: Permission denied
    C:\Windows\System32\config\SAM: Permission denied
    C:\Windows\System32\config\SAM.LOG1: Permission denied
    C:\Windows\System32\config\SECURITY: Permission denied
    C:\Windows\System32\config\SECURITY.LOG1: Permission denied
    C:\Windows\System32\config\SOFTWARE: Permission denied
    C:\Windows\System32\config\SOFTWARE.LOG1: Permission denied
    C:\Windows\System32\config\SYSTEM: Permission denied
    C:\Windows\System32\config\SYSTEM.LOG1: Permission denied
    C:\Windows\System32\drivers\sptd.sys: Permission denied

    C:\Program Files\PowerStrip\PStrap.dll: Trojan.Hupigon-20037 FOUND
    C:\Users\Bugmanz\Desktop\desktop.ini: Worm.Autorun-2190 FOUND

    ----------- SCAN SUMMARY -----------
    Known viruses: 646712
    Engine version: 0.95.2
    Scanned directories: 16676
    Scanned files: 188769
    Infected files: 2
    Data scanned: 66398.08 MB
    Data read: 171596.78 MB (ratio 0.39:1)
    Time: 6991.481 sec (116 m 31 s)
    --------------------------------------
    Completed
    --------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:35:18 PM, on 11/9/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18294)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\CyberLink\Shared files\brs.exe
    C:\Program Files\Razer\Tarantula\razerhid.exe
    C:\Program Files\ClamWin\bin\ClamTray.exe
    C:\Program Files\COMODO\Firewall\cfp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
    C:\Program Files\nHancer\nHancer.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com/Mothership...%&ai=636E3D35313237343226706F3D36363639343141
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/Mothership...%&ai=636E3D35313237343226706F3D36363639343141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com/mothership
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/mothership
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [Tarantula] C:\Program Files\Razer\Tarantula\razerhid.exe
    O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [nHancer] "C:\Program Files\nHancer\nHancer.exe" /tray
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
    O13 - Gopher Prefix:
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    --
    End of file - 6839 bytes



    Thanks again!
     
Short URL to this thread: https://techguy.org/875914