Press F1 forum | Thread ID: 122477 | 2011-12-22 20:47:00 | HJT Log for Speedy if possible | started by SP8's (9836)
Post ID: 1250397 | 2011-12-22 20:47:00 | User: SP8's (9836)

Hi Speedy ... Log from a Chinese computer with QQPCNetFlow running in the background & uploading ... I can stop the process through Task Manager, but it starts up every time the computer reboots (as expected) ... Sorry to say it Speedy, but there might be another one to do as well! QQ is the Chinese equivalent of MSN Messenger and, like Windows Live, the Messenger portion can be downloaded as a "bundled" package with Music, Photos, Mail, etc ... These students don't realise they're running in the background and I want to stop the process ... permanently! The log file ... have fun ... :D

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:45:09, on 2011/12/16
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Youdao\Dict4\YodaoDict.exe
C:\Program Files (x86)\Tencent\QQMusic\QQMusic.exe
C:\Users\Gray\AppData\Roaming\kingsoft\klive\bin\klive.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\Tencent\QDesk\QDesk.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
F:\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QQ工具栏 (QQ Toolbar) - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - C:\Program Files\Tencent\QQToolbar\IEBar.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: QMWSBho - {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} - C:\Program Files (x86)\Tencent\QQPCMgr\6.2.2026.202\TSWebMon.dat
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SSOIEAddonBHO - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: QQ工具栏 (QQ Toolbar) - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - C:\Program Files\Tencent\QQToolbar\IEBar.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
O4 - HKLM\..\Run: [Integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [kxesc] "c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe" -autorun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [stup.exe] C:\PROGRA~1\TENCENT\SSPlus\Stup.exe
O4 - HKLM\..\Run: [QDesk] "C:\Program Files (x86)\Tencent\QDesk\QDesk.exe" /parent=regrun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ QQPCTray] "C:\Program Files (x86)\Tencent\QQPCMgr\6.2.2026.202\QQPCTray.exe" /regrun
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe
O4 - HKCU\..\Run: [YodaoDict] "C:\Program Files (x86)\Youdao\Dict4\RunDict.exe" -hide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Gray\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [QQMusic] "C:\Program Files (x86)\Tencent\QQMusic\QQMusic.exe" /background
O4 - HKCU\..\Run: [QQ2009] "C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe" /background
O4 - HKCU\..\Run: [klive] "C:\Users\Gray\AppData\Roaming\kingsoft\klive\bin\klive.exe" -AutoRun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: 浩方电竞平台 (Haofang e-sports platform) - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Program Files (x86)\Holdfast\platform 5.0\gameclient.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\xunyount.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\xunyount.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\xunyount.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\xunyount.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [TBH] 腾讯中文搜搜 (Tencent Chinese SoSo)
O15 - Trusted Zone: http://cache.tv.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivecaption.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivehabit.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivesearch.qq.com (HKLM)
O15 - Trusted Zone: http://video_1.qq.com (HKLM)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~2\KuGou7\KUGOO3~1.OCX
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~2\KuGou7\KUGOO3~1.OCX
O20 - Winlogon Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Alienware Fusion Service (AlienFusionService) - Alienware - C:\Program Files\Alienware\Command Center\AlienFusionService.exe
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour 服务 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FAService - Sensible Vision - C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod 服务 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kingsoft Core Service (kxescore) - Kingsoft Corporation - c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QDesk Software Updater (QDeskSvc) - Tencent - C:\Program Files (x86)\Tencent\QDesk\updater.exe
O23 - Service: QQPCFix Service (QQPCFIX) - Unknown owner - C:\Program Files (x86)\Tencent\QQPCMgr\QQPCFix\QQPCFixSvc.exe (file missing)
O23 - Service: QQPCMgr RTP Service (QQPCRTP) - Tencent - C:\Program Files (x86)\Tencent\QQPCMgr\6.2.2026.202\QQPCRTP.exe
O23 - Service: Qvod Server Watcher - Unknown owner - C:\Program Files (x86)\QvodServer\QvodWatcher\QvodWatcher.exe
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\AlienRespawn\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10104 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12530 bytes
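The O2, O4, O10 and O15 lines in the log above are read from a handful of registry keys and from the Winsock catalog, so a machine can be re-checked without HijackThis at all. The PowerShell below is an example added to this page; it is not from the thread and not HijackThis code. It assumes an elevated PowerShell 3 or later on Windows 7 or newer, English-locale netsh output for the LSP part, and is read-only. One caveat it does not need to handle: the "(file missing)" HJT 2.0.4 prints against the standard Windows services (lsass.exe, spoolsv.exe and the rest) is an artifact of a 32-bit tool looking for C:\Windows\system32 files through WOW64 file-system redirection on 64-bit Windows, not evidence that those files are gone.

```powershell
# Added example, not from the thread and not HijackThis code: read the places
# HJT reports as O4 (Run/RunOnce), O2 (BHOs), O15 (Trusted Zone) and O10
# (Winsock LSP) straight from the registry and the Winsock catalog.
# Read-only. Assumes an elevated PowerShell 3 or later on Windows 7 or newer,
# and English-locale netsh output for the O10 part.

# Bookkeeping properties the registry provider adds to every Get-ItemProperty result
$script:MetaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-RegistryValues([string]$Key) {
    if (-not (Test-Path -LiteralPath $Key)) { return }
    foreach ($p in (Get-ItemProperty -LiteralPath $Key).PSObject.Properties) {
        if ($script:MetaProps -contains $p.Name) { continue }
        [pscustomobject]@{ Key = $Key; Name = $p.Name; Value = $p.Value }
    }
}

# O4: logon autostarts. HJT's "HKLM\..\Run" is these keys; on 64-bit Windows the
# 32-bit view under Wow6432Node is a separate key and has to be read as well.
function Get-AutoRunEntries {
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($k in $keys) { Get-RegistryValues $k }
}

# O2: Browser Helper Objects. HJT prints "(no file)" when the CLSID's
# InprocServer32 DLL is gone from disk; the orphaned registration is inert
# by itself but shows something was installed and only partly removed.
function Get-BhoEntries {
    $bhoKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $key) {
            $clsid = $sub.PSChildName
            $dll = $null
            # a 32-bit BHO on 64-bit Windows registers its server under Wow6432Node\CLSID
            foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID') {
                $inproc = "$root\$clsid\InprocServer32"
                if (-not (Test-Path -LiteralPath $inproc)) { continue }
                $server = (Get-ItemProperty -LiteralPath $inproc).'(default)'
                if ($server) { $dll = [Environment]::ExpandEnvironmentVariables($server.Trim('"')); break }
            }
            $status = 'no file'
            if ($dll -and (Test-Path -LiteralPath $dll)) { $status = 'present' }
            [pscustomobject]@{ CLSID = $clsid; Dll = $dll; Status = $status }
        }
    }
}

# O15: Trusted Sites entries (ZoneMap value 2) for machine and user, including
# the EscDomains map HJT reports as "ESC Trusted Zone". A site in this zone
# runs under IE's relaxed zone settings, which is why HJT lists every one.
function Get-TrustedZoneSites {
    foreach ($hive in 'HKLM', 'HKCU') {
        foreach ($map in 'Domains', 'EscDomains') {
            $base = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\$map"
            if (-not (Test-Path -LiteralPath $base)) { continue }
            foreach ($domain in Get-ChildItem -LiteralPath $base) {
                # scheme values sit either on the domain key or on a subdomain key beneath it
                $nodes = @($domain) + @(Get-ChildItem -LiteralPath $domain.PSPath)
                foreach ($node in $nodes) {
                    $label = $domain.PSChildName
                    if ($node.PSPath -ne $domain.PSPath) { $label = "$($node.PSChildName).$label" }
                    foreach ($v in Get-RegistryValues $node.PSPath) {
                        if ($v.Value -eq 2) {
                            [pscustomobject]@{ Hive = $hive; Map = $map; Site = "$($v.Name)://$label" }
                        }
                    }
                }
            }
        }
    }
}

# O10: Winsock LSP DLLs. Each one is loaded into every process that opens a
# socket, so check that every catalog entry exists and carries a valid signature.
function Get-WinsockLspFiles {
    netsh.exe winsock show catalog | ForEach-Object {
        if ($_ -match '^\s*Provider Path:\s*(\S.*?)\s*$') {
            [Environment]::ExpandEnvironmentVariables($Matches[1])
        }
    } | Sort-Object -Unique | ForEach-Object {
        $sig = 'missing'
        if (Test-Path -LiteralPath $_) { $sig = (Get-AuthenticodeSignature -FilePath $_).Status.ToString() }
        [pscustomobject]@{ Dll = $_; Signature = $sig }
    }
}

'--- O4 autoruns ---';       Get-AutoRunEntries   | Format-Table -AutoSize
'--- O2 BHOs ---';           Get-BhoEntries       | Format-Table -AutoSize
'--- O15 trusted sites ---'; Get-TrustedZoneSites | Format-Table -AutoSize
'--- O10 LSP DLLs ---';      Get-WinsockLspFiles  | Format-Table -AutoSize
```

Run it before and after a clean-up and diff the two outputs; anything that comes back after a reboot was re-created by something still on the machine (a service, a scheduled task or an updater), which is the question the first post is really asking. The O10 check is the one HJT cannot help with: HJT only says "Unknown file", while the signature status tells you whether the DLL belongs to a vendor at all.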
Post ID: 1250398 | 2011-12-22 21:15:00 | User: Speedy Gonzales (78)

O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - (no file)

According to bleepingcomputer, this is a trojan (www.bleepingcomputer.com). Looks like it's a password stealer. So, if anyone uses this for online banking, DON'T.

O4 - HKLM\..\Run: [stup.exe] C:\PROGRA~1\TENCENT\SSPlus\Stup.exe <- Only diff is bleepingcomputer shows Adplus, not SSPlus. Uninstall it.

I would uninstall this as well. Anything to do with Tencent:

C:\Program Files (x86)\Tencent\QQMusic\QQMusic.exe
O4 - HKLM\..\Run: [QDesk] "C:\Program Files (x86)\Tencent\QDesk\QDesk.exe" /parent=regrun
O4 - HKLM\..\Run: [ QQPCTray] "C:\Program Files (x86)\Tencent\QQPCMgr\6.2.2026.202\QQPCTray.exe" /regrun
O4 - HKCU\..\Run: [QQMusic] "C:\Program Files (x86)\Tencent\QQMusic\QQMusic.exe" /background
O4 - HKCU\..\Run: [QQ2009] "C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe" /background

This may belong to fake AV software:

O4 - HKCU\..\Run: [klive] "C:\Users\Gray\AppData\Roaming\kingsoft\klive\bin\klive.exe" -AutoRun

O15 - Trusted Zone: http://cache.tv.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivecaption.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivehabit.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivesearch.qq.com (HKLM)
O15 - Trusted Zone: http://video_1.qq.com (HKLM)

Uninstall this:

O23 - Service: Kingsoft Core Service (kxescore) - Kingsoft Corporation - c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe

Then reboot, then install a better AV program and update it. Then do a full scan.
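Removing the Run values Speedy lists above is what stops QQMusic, QDesk and the rest relaunching at every logon, which is the behaviour the first post describes. The PowerShell below is an example added to this page, not from the thread: it deletes the matching HKLM and HKCU Run values after exporting each key to a .reg backup, then lists the services (HJT's O23 lines) and scheduled tasks (which HJT 2.0.4 does not list at all) that point at the same vendor directory, because a Run value is only one of the places a program can reinstall itself from. It assumes an elevated PowerShell 3 or later; the `\Tencent\` fragment is taken from the posted log and is the parameter to change for another vendor, and the scheduled-task column names are those of an English-locale Windows.

```powershell
# Added example, not from the thread: remove the Run values that relaunch a
# vendor's programs at logon (backing each key up first), then list the other
# persistence HJT shows as O23, plus scheduled tasks, which HJT 2.0.4 does
# not list at all. Elevated PowerShell 3+ assumed. '\Tencent\' is the path
# fragment from the posted log; pass the vendor you are actually removing.

function Remove-AutoRunByPath {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$PathFragment,
        [string]$BackupDir = (Join-Path $env:USERPROFILE 'Desktop\autorun-backup')
    )
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        # reg.exe wants the native key name (HKLM\..., not the HKLM:\ drive form)
        $native = $key -replace '^(HK[A-Z]+):\\', '$1\'
        $backup = Join-Path $BackupDir (($native -replace '[\\:]', '_') + '.reg')
        foreach ($p in (Get-ItemProperty -LiteralPath $key).PSObject.Properties) {
            if ($meta -contains $p.Name) { continue }
            if ("$($p.Value)" -notlike "*$PathFragment*") { continue }
            # one export per key, taken before the first value in it is removed
            if (-not (Test-Path -LiteralPath $backup)) { reg.exe export $native $backup /y | Out-Null }
            if ($PSCmdlet.ShouldProcess("$native\$($p.Name)", "Remove Run value -> $($p.Value)")) {
                Remove-ItemProperty -LiteralPath $key -Name $p.Name
            }
        }
    }
}

function Get-OtherPersistenceByPath {
    param([Parameter(Mandatory = $true)][string]$PathFragment)
    # Services (the O23 lines). Deleting a Run value does nothing to these;
    # they go through the vendor's uninstaller or sc.exe stop/delete.
    Get-WmiObject -Class Win32_Service |
        Where-Object { $_.PathName -like "*$PathFragment*" } |
        ForEach-Object { [pscustomobject]@{ Kind = 'Service'; Name = $_.Name; State = $_.State; Start = $_.StartMode; Command = $_.PathName } }
    # Scheduled tasks. Column names are those of English-locale Windows, and the
    # header row schtasks repeats for each task folder is filtered out.
    schtasks.exe /query /fo CSV /v | ConvertFrom-Csv |
        Where-Object { $_.TaskName -ne 'TaskName' -and $_.'Task To Run' -like "*$PathFragment*" } |
        ForEach-Object { [pscustomobject]@{ Kind = 'Task'; Name = $_.TaskName; State = $_.Status; Start = $_.'Schedule Type'; Command = $_.'Task To Run' } }
}

# Preview what would be deleted, then re-run without -WhatIf to apply it,
# and finish by listing what the Run keys alone did not cover.
Remove-AutoRunByPath -PathFragment '\Tencent\' -WhatIf
# Remove-AutoRunByPath -PathFragment '\Tencent\'
Get-OtherPersistenceByPath -PathFragment '\Tencent\' | Format-Table -AutoSize
```

Two things this deliberately does not do. It does not stop the running processes, so the programs keep running until the reboot Speedy calls for; and it does not touch the O10 Winsock entries, which are not autostarts at all. Once whatever registered that DLL has been uninstalled, `netsh winsock reset` followed by a reboot rebuilds the catalog without it. On a Chinese-locale install the schtasks headers are localized, so the task filter needs the local column names or, on Windows 8 and later, `Get-ScheduledTask` instead.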
Post ID: 1250399 | 2011-12-22 21:23:00 | User: SP8's (9836)

Hi Speedy .. and thanks for the quick reply. I have installed MSSE, Spybot, MB & SAS ... Obviously I took this log file before I installed them. I'll take off what you suggest and repost a new log for another check ... hope you don't mind.

Post ID: 1250400 | 2011-12-22 22:09:00 | User: Speedy Gonzales (78)

Sweet, no probs.