Discussion Starter · #1 ·
Hello - Bitdefender popped up last night saying apcup.dll (c:\windows\system32\apcup.dll) was infected with a Trojan.
Kaspersky online confirms it as Trojan.Win32.BHO.hhy

Have dl'd gmer and HJT and run both.

Thanks in advance for any assistance
Dirk
Discussion Starter · #2 ·
Re: Trojan found in apcup.dll **DDS & GMER here

DDS log:

DDS (Version 1.0) - NTFSx86
Run at 9:36:16.28 on 11/11/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2458 [GMT -7:00]

=============== Created Last 30 ================

2008-11-11 08:15 250 a------- c:\windows\gmer.ini
2008-11-11 07:51 <DIR> --d----- c:\program files\Trend Micro
2008-11-10 10:03 <DIR> --d----- c:\docume~1\dave\applic~1\Bitstream
2008-11-10 08:16 88 ---shr-- c:\windows\system32\08486504DC.sys
2008-11-04 21:55 48,384 -------- c:\windows\system32\drivers\ser2pl.sys
2008-11-03 14:05 0 a------- c:\windows\Convert.INI
2008-11-02 10:49 <DIR> --d----- c:\docume~1\dave\applic~1\Corina
2008-11-02 10:48 73,728 a------- c:\windows\system32\javacpl.cpl
2008-11-02 10:48 410,976 a------- c:\windows\system32\deploytk.dll
2008-11-02 07:27 12 a------- C:\DPL.INI
2008-10-27 20:01 <DIR> --d----- c:\docume~1\dave\applic~1\EndNote
2008-10-27 19:58 <DIR> --d----- c:\program files\common files\Risxtd
2008-10-27 19:40 <DIR> --d----- c:\docume~1\dave\applic~1\OfficeUpdate12
2008-10-27 19:33 376 a------- c:\windows\ODBC.INI
2008-10-27 19:33 <DIR> --d----- c:\program files\Microsoft ActiveSync
2008-10-27 19:31 <DIR> --d----- c:\windows\ShellNew
2008-10-26 11:08 244 a---h--- C:\sqmnoopt00.sqm
2008-10-26 11:08 232 a---h--- C:\sqmdata00.sqm
2008-10-26 09:06 30 a------- c:\windows\Iedit_.INI
2008-10-24 13:27 93,184 a------- c:\windows\system32\apcup.dll
2008-10-24 07:10 <DIR> --d----- c:\program files\LifeScan
2008-10-24 07:09 397,312 a------- c:\windows\system32\MSRDO20.DLL
2008-10-24 07:09 151,552 a------- c:\windows\system32\rdocurs.dll
2008-10-24 07:09 37,062 a------- c:\windows\system32\odbcinst.hlp
2008-10-24 07:09 324 a------- c:\windows\system32\odbcinst.cnt
2008-10-24 07:09 89,360 a------- c:\windows\system32\VB5DB.DLL
2008-10-18 18:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ATI
2008-10-18 18:25 <DIR> --d----- c:\docume~1\dave\applic~1\Ulead Systems
2008-10-18 18:22 593,920 -------- c:\windows\system32\ati2sgag.exe
2008-10-18 16:58 10 a------- c:\windows\WININIT.INI
2008-10-18 16:10 <DIR> --d----- c:\windows\system32\NtmsData
2008-10-18 08:48 <DIR> --d----- c:\windows\pss
2008-10-17 12:54 <DIR> --d----- c:\windows\Internet Logs
2008-10-17 12:53 125,328 a------- c:\windows\system32\drivers\dne2000.sys
2008-10-17 12:53 106,768 a------- c:\windows\system32\dneinobj.dll
2008-10-17 12:52 <DIR> --d----- c:\program files\common files\Deterministic Networks
2008-10-17 12:52 1,594 a------- c:\windows\VPNInstall.MIF
2008-10-17 12:14 129,784 -------- c:\windows\system32\pxafs.dll
2008-10-17 12:14 118,520 -------- c:\windows\system32\pxinsi64.exe
2008-10-17 12:14 118,056 -------- c:\windows\system32\pxcpyi64.exe
2008-10-14 22:12 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-14 22:12 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-14 22:12 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-14 22:12 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-14 20:51 177,152 a------- c:\windows\system32\drivers\XRNBO.sys
2008-10-14 19:07 299,520 a------- c:\windows\uninst.exe
2008-10-14 19:07 <DIR> --d----- c:\documents and settings\dave\WINDOWS
2008-10-14 15:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lavasoft
2008-10-14 15:38 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-10-14 15:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-10-13 22:09 <DIR> --d----- C:\Campbellsci
2008-10-13 16:04 2,116 a------- c:\windows\system32\drivers\60CA78E3.bin
2008-10-13 16:03 32 a------- c:\windows\system32\drivers\mshcmd.sys.
2008-10-13 15:33 37,088 a------- c:\windows\system32\drivers\SNTNLUSB.SYS
2008-10-13 15:33 <DIR> --d----- c:\program files\SafeNet Sentinel
2008-10-13 15:33 <DIR> --d----- c:\program files\common files\SafeNet Sentinel
2008-10-13 15:32 <DIR> --d----- c:\windows\Downloaded Installations
2008-10-12 15:02 59,122 a------- c:\windows\system32\Dell laser
2008-10-12 15:02 1,220 a------- c:\windows\system32\LexFiles.usr
2008-10-12 15:02 315,392 a------- c:\windows\system32\lexlog.dll
2008-10-12 15:02 <DIR> --d----- c:\program files\Dell_HostCD
2008-10-12 15:02 1,084 a------- c:\windows\DKAAP2DD.ini
2008-10-12 14:13 4,017 a------- c:\windows\system32\LexFiles.ulf
2008-10-12 13:46 <DIR> --d----- C:\instdir.tmp

================== Find3M ==================

2008-11-11 09:36 81,984 a------- c:\windows\system32\bdod.bin
2008-11-10 09:19 7,046 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-11-10 09:10 <DIR> --d----- c:\program files\Corel
2008-11-10 09:10 <DIR> --d----- c:\program files\common files\Corel
2008-11-10 09:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Corel
2008-10-18 18:24 <DIR> --d----- c:\program files\ATI Technologies
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-12 06:55 <DIR> -cdsh--- c:\program files\common files\WindowsLiveInstaller
2008-10-11 20:24 <DIR> --d----- c:\program files\IDM Computer Solutions
2008-10-11 20:24 <DIR> --d----- c:\docume~1\dave\applic~1\IDMComp
2008-10-10 19:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Ipswitch
2008-10-10 10:29 <DIR> --d----- c:\docume~1\dave\applic~1\Helios
2008-10-04 08:18 <DIR> --d----- c:\docume~1\dave\applic~1\Bitdefender
2008-10-04 08:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2008-10-04 08:18 <DIR> --d----- c:\program files\common files\Softwin
2008-10-02 17:45 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-02 10:08 <DIR> --d----- c:\program files\Skype
2008-10-01 11:00 <DIR> --d----- c:\program files\common files\CourseDownloads.com
2008-10-01 10:32 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-10-01 10:32 <DIR> --d----- c:\program files\ati
2008-09-30 19:48 <DIR> --d----- c:\program files\Messenger
2008-09-30 19:48 <DIR> --d----- c:\program files\MSXML 4.0
2008-09-30 19:46 <DIR> --d----- c:\program files\Windows Media Connect 2
2008-09-30 19:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WinZip
2008-09-30 19:29 <DIR> --d----- c:\program files\Ulead Systems
2008-09-30 19:29 <DIR> --d----- c:\program files\common files\Ulead Systems
2008-09-30 19:18 <DIR> --d----- c:\program files\Marvell
2008-09-30 19:15 <DIR> --d----- c:\program files\ASUS
2008-09-30 19:13 <DIR> --d----- c:\program files\Express Gate
2008-09-30 18:13 <DIR> --d----- c:\program files\Analog Devices
2008-09-30 13:50 <DIR> --d-h--- c:\program files\WindowsUpdate
2008-09-30 13:50 <DIR> --d----- c:\program files\common files\MSSoap
2008-09-30 13:49 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-09-30 13:49 <DIR> --d----- c:\program files\Online Services
2008-09-30 13:48 <DIR> --d----- c:\program files\MSN Gaming Zone
2008-09-30 13:48 <DIR> --d----- c:\program files\Windows NT
2008-09-30 06:23 <DIR> --d----- c:\program files\common files\ODBC
2008-09-30 06:22 <DIR> --d----- c:\program files\common files\SpeechEngines
2008-09-23 19:18 425,984 a------- c:\windows\system32\ATIDEMGX.dll
2008-09-23 19:17 311,296 a------- c:\windows\system32\ati2dvag.dll
2008-09-23 19:09 10,772,480 a------- c:\windows\system32\atioglxx.dll
2008-09-23 19:07 188,416 a------- c:\windows\system32\atipdlxx.dll
2008-09-23 19:06 143,360 a------- c:\windows\system32\Oemdspif.dll
2008-09-23 19:06 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2008-09-23 19:06 43,520 a------- c:\windows\system32\ati2edxx.dll
2008-09-23 19:06 143,360 a------- c:\windows\system32\ati2evxx.dll
2008-09-23 19:04 581,632 a------- c:\windows\system32\ati2evxx.exe
2008-09-23 19:03 53,248 a------- c:\windows\system32\ATIDDC.DLL
2008-09-23 18:56 307,200 a------- c:\windows\system32\atiiiexx.dll
2008-09-23 18:54 4,008,864 a------- c:\windows\system32\ati3duag.dll
2008-09-23 18:38 2,399,744 a------- c:\windows\system32\ativvaxx.dll
2008-09-23 18:38 3,107,788 a------- c:\windows\system32\ativvaxx.dat
2008-09-23 18:38 3,107,788 a------- c:\windows\system32\ativva5x.dat
2008-09-23 18:38 887,724 a------- c:\windows\system32\ativva6x.dat
2008-09-23 18:24 48,640 a------- c:\windows\system32\amdpcom32.dll
2008-09-23 18:20 380,928 a------- c:\windows\system32\atikvmag.dll
2008-09-23 18:19 39,424 a------- c:\windows\system32\atiadlxx.dll
2008-09-23 18:18 17,408 a------- c:\windows\system32\atitvo32.dll
2008-09-23 18:18 253,952 a------- c:\windows\system32\atiok3x2.dll
2008-09-23 18:12 573,440 a------- c:\windows\system32\ati2cqag.dll
2008-09-17 12:17 176,918 a------- c:\windows\system32\atiicdxx.dat
2008-09-15 05:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-08-26 00:24 826,368 a------- c:\windows\system32\wininet.dll
2008-08-25 13:31 524,288 a------- c:\windows\opuc.dll
2008-08-14 03:09 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2008-08-14 02:33 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe

============== Psuedo HJT Report ===============

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - d:\security\spybot\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\java6\bin\ssv.dll
BHO: {81CC4CF4-7E22-4A88-A465-FEEEBEAE460A} - c:\windows\system32\apcup.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - d:\java6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - d:\java6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [Six Engine] "c:\program files\asus\six engine\SixEngine.exe" -r
mRun: [Ai Nap] "c:\program files\asus\ai suite\ainap\AiNap.exe"
mRun: [QFan Help] "c:\program files\asus\ai suite\qfan3\QFanHelp.exe"
mRun: [Cpu Level Up help] c:\program files\asus\ai suite\CpuLevelUpHelp.exe
mRun: [Launch Direct Link] "c:\program files\asus\ai direct link\AsShare.exe"
mRun: [Launch As Cmd Runner] "c:\program files\asus\ai direct link\AsCmd.exe" -reg
mRun: [Drive Xpert] c:\program files\asus\drive xpert\DriveXpert.exe
mRun: [BDMCon] "d:\bitdefender\bdmcon.exe" /reg
mRun: [BDAgent] "d:\bitdefender\bdagent.exe"
mRun: [Adobe Photo Downloader] "d:\adobe\lightroom\apdproxy.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "d:\java6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - d:\ms\office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{a7091e1d-36a4-47f1-a739-173cc341414f}\Icon3E5562ED7.ico
IE: E&xport to Microsoft Excel - d:\ms\office\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\security\spybot\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent -Ati2evxx.dll
AppInit_DLLs: sockspy.dll
SSODL: {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ==============

R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys
R0 ewohqoch;ewohqoch;c:\windows\system32\drivers\ewohqoch.sys
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys
S3 SkLaggProtocol;Marvell Link Aggregation Protocol;c:\windows\system32\drivers\yk51x32l.sys
S3 SkVlanProtocol;Marvell VLAN Protocol;c:\windows\system32\drivers\yk51x32v.sys
S3 XRNBO;XRNBO;c:\windows\system32\drivers\XRNBO.sys
R2 57xx SteelVine Manager;57xx SteelVine;c:\program files\asus\drive xpert\SteelVine.exe
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe

============= FINISH: 9:36:24.64 ===============