
Help with Trojan.Win32.BHO.hhy?



Hello,

Hoping someone here can help get this beastie off my PC.

Found in apcup.dll by Bitdefender & confirmed by Kaspersky online.

 

Thanks in advance.

 

HJT LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:34 AM, on 11/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\Security\AdAware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\AI Direct Link\AsShare.exe
C:\Program Files\ASUS\Drive Xpert\DriveXpert.exe
D:\BitDefender\bdmcon.exe
D:\BitDefender\bdagent.exe
C:\Program Files\ASUS\Drive Xpert\SteelVine.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Java6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
D:\Cisco Systems\VPN Client\cvpnd.exe
D:\Java6\bin\jqs.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\FireFox\firefox.exe
D:\Java6\bin\java.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
D:\BitDefender\vsserv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Security\Spybot\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {81CC4CF4-7E22-4A88-A465-FEEEBEAE460A} - C:\WINDOWS\system32\apcup.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Java6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [Launch Direct Link] "C:\Program Files\ASUS\AI Direct Link\AsShare.exe"
O4 - HKLM\..\Run: [Launch As Cmd Runner] "C:\Program Files\ASUS\AI Direct Link\AsCmd.exe" -reg
O4 - HKLM\..\Run: [Drive Xpert] C:\Program Files\ASUS\Drive Xpert\DriveXpert.exe
O4 - HKLM\..\Run: [bDMCon] "D:\BitDefender\bdmcon.exe" /reg
O4 - HKLM\..\Run: [bDAgent] "D:\BitDefender\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\adobe\Lightroom\apdproxy.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Java6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D:\MS\Office\Office10\OSA.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MS\Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Security\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Security\Spybot\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: 57xx SteelVine (57xx SteelVine Manager) - Unknown owner - C:\Program Files\ASUS\Drive Xpert\SteelVine.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Security\AdAware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - D:\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Java6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - D:\BitDefender\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 8174 bytes

--
Dendro
------------------------------------------------------------------------
Dendro's Profile: http://forums.techarena.in/members/dendro.htm
View this thread: http://forums.techarena.in/security-virus/1069891.htm

http://forums.techarena.in
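As an added example that is not part of the original thread, a small Python triage helper that parses the O2 (Browser Helper Object) lines of a HijackThis log in the format posted above and flags the entries a reviewer would check first: unnamed BHOs, orphaned registrations, and a third-party DLL registered straight out of system32. The sample lines are copied from the posted log; the flagging heuristics are this example's own assumptions, not HijackThis rules.

```python
import re
from dataclasses import dataclass

# Constructed sample: O2 lines copied verbatim from the HijackThis log posted
# above, so the parser is exercised on the real log syntax.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Security\Spybot\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {81CC4CF4-7E22-4A88-A465-FEEEBEAE460A} - C:\WINDOWS\system32\apcup.dll
"""

# O2 layout: "O2 - BHO: <name> - {CLSID} - <dll path or (no file)>". The name
# can itself contain " - ", so the split is anchored on the braced CLSID.
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\} - (?P<path>.+)$"
)

@dataclass
class Bho:
    name: str
    clsid: str
    path: str
    reasons: list

def parse_o2(log_text):
    """Return one Bho per O2 line; every other HJT section is ignored."""
    found = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            found.append(Bho(m["name"], m["clsid"].upper(), m["path"], []))
    return found

def triage(entries):
    """Attach review reasons and return only the flagged entries. Assumed
    heuristics: a flagged BHO earns a hash/vendor lookup, nothing more."""
    for e in entries:
        low = e.path.lower()
        if e.name == "(no name)":
            e.reasons.append("unnamed BHO")
        if e.path == "(no file)":
            e.reasons.append("orphaned registration, DLL missing")
        elif "\\windows\\system32\\" in low:
            e.reasons.append("third-party BHO registered from system32")
    return [e for e in entries if e.reasons]
```

On the sample above only the two unnamed entries are returned; the apcup.dll one carries both the unnamed and the system32 reason, which matches what the two scanners flagged.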


Guest siljaline
Posted

Dendro wrote:
>
> Hello,
> Hoping someone here can help get this beastie off my PC.
> Found in apcup.dll by Bitdefender & confirmed by Kaspersky online.

<HJT LOG Snipped>

 

Post it to /any/ of the following (expert) forums for analysis.

Note, //registration// is required prior to posting a log.

 

- Not listed in any particular order -

 

(http://forum.securitycadets.com/index.php?showforum=2)
(http://forums.spywareinfo.com/index.php?&showforum=18)
(http://www.spywarewarrior.com/viewforum.php?f=5)
(http://www.bleepingcomputer.com/forums/forum22.html)
(http://www.dslreports.com/forum/cleanup)
(http://forum.malwareremoval.com/viewforum.php?f=11)
(http://www.cybertechhelp.com/forums/forumdisplay.php?f=25)
(http://www.atribune.org/forums/index.php?showforum=9)
(http://spywarehammer.com/simplemachinesfor....php?board=10.0)
(http://www.geekstogo.com/forum/Malware_Rem...o_Here-f37.html)
(http://forums.spywareinfo.com/index.php?showforum=18)
(http://www.techmonkeys.co.uk/forums/viewforum.php?f=8)
(http://forum.networktechs.com/forumdisplay.php?f=130)
(http://forums.maddoktor2.com/index.php?showforum=17)
(http://forums.spywaretimes.com/index.php?showforum=2)
(http://www.bluetack.co.uk/forums/index.php?showforum=172)
(http://forums.techguy.org/f54-s.html)
(http://forums.tomcoyote.org/index.php?showforum=27)
(http://forums.subratam.org/index.php?showforum=7)
(http://www.5starsupport.com/ipboard/index.php?showforum=18)
(http://www.malwarebytes.org/forums/index.php?showforum=7)
(http://www.wilderssecurity.com/forumdisplay.php?f=26)
(http://makephpbb.com/phpbb/viewforum.php?f=2)
(http://forums.techguy.org/54-security/)
(http://forums.security-central.us/forumdisplay.php?f=13)
(http://castlecops.com/forum67.html)
(http://gladiator-antivirus.com/forum/index.php?showforum=170)
(http://www.lavasoftsupport.com/index.php?showforum=36)
(http://forum.piriform.com/index.php?showforum=12)
(http://aumha.net/viewforum.php?f=30)
(http://www.castlecops.com/f67-Trend_Micro_...kThis_Logs.html)

 

Post back the URL where you posted your log, not the entire log.

 

Silj

--

http://msmvps.com/blogs/siljaline/default.aspx

Posted

Dendro wrote:
>
> Hello,
> Hoping someone here can help get this beastie off my PC.
> Found in apcup.dll by Bitdefender & confirmed by Kaspersky online.

(snip HJT log)

 

I'm sorry but we don't analyze HJT logs here in the MS newsgroups. HJT logs take a great deal of time and expertise to analyze, and may also contain private information best kept out of Usenet groups.

Instead, please get guided help at one of the specialty forums below OR back up your data and do a clean install of Windows. It is your choice. If you are unsure how to back up your data or how to do a clean install, you can take your machine to a local computer professional. I don't recommend using BigComputerStore/GeekSquad types of places.

 

PLEASE DO NOT POST LOGS IN THE MS NEWSGROUPS.

 

http://aumha.org/downloads/hijackthis.zip
http://aumha.net/ - Click on the HijackThis forum. Read the announcement and the stickies first.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Rem...o_Here-f37.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://spywarewarrior.com/viewforum.php?f=5
http://forums.techguy.org/54-security/
http://forums.tomcoyote.org/
http://www.thespykiller.co.uk/index.php?board=3.0
http://forums.subratam.org/index.php?showforum=7

 

Malke

--

MS-MVP

Elephant Boy Computers - Don't Panic!

FAQ - http://www.elephantboycomputers.com/#FAQ
