qqlpdp.exe - Dangerous
Fix it immediately
We suggest you remove QQLpDp.exe from your computer as soon as possible.
QQLpDp.exe is a Trojan/Backdoor.
Kill the QQLpDp.exe process and remove QQLpDp.exe from Windows startup.
File: winlogon.exe
Classification:
Antivirus Version Last Update Result
Avast 4.8.1335.0 2009.08.06 Win32:Small-ERC
AVG 8.5.0.406 2009.08.06 Win32/Cekar.G
BitDefender 7.2 2009.08.06 Dropped:Generic.XPL.ADODB.4F5B2074
Comodo 1884 2009.08.06 -
DrWeb 5.0.0.12182 2009.08.06 Trojan.MulDrop.33193
F-Secure 8.0.14470.0 2009.08.06 Backdoor.Win32.Delf.pyd
Kaspersky 7.0.0.125 2009.08.06 Backdoor.Win32.Delf.pyd
Microsoft 1.4903 2009.08.06 TrojanDownloader:Win32/Cekar.gen!A
NOD32 4311 2009.08.06 probably a variant of Win32/Genetik
Symantec 1.4.4.12 2009.08.06 Backdoor.Trojan
Additional information
File size: 372832 bytes
MD5 : 02c3722853323913b2654416fa62c5ea
SHA1 : 45c1cea85ebae7b9039aa7ae1bc42edc12bb9506
Installation
When the program is executed, it creates the following registry subkeys and values:
----------------------------------
Keys deleted:126
----------------------------------
...
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
HKLM\SYSTEM\CurrentControlSet\Services\ERSvc
HKLM\SYSTEM\CurrentControlSet\Services\ERSvc\Parameters
HKLM\SYSTEM\CurrentControlSet\Services\ERSvc\Security
----------------------------------
Keys added:114
----------------------------------
...
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360hotfix.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe
...
----------------------------------
Values deleted:144
----------------------------------
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\SnapshotCallbacks\: ""
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Cfg\DiskPercent: 0x0000000C
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Cfg\MachineGuid: "{D97F00B9-86E7-4F3D-A081-D07F1E09CE0A}"
...
HKLM\SYSTEM\CurrentControlSet\Services\ERSvc\DisplayName: "Error Reporting Service"
HKLM\SYSTEM\CurrentControlSet\Services\ERSvc\ErrorControl: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\ERSvc\ImagePath: "%SystemRoot%\System32\svchost.exe -k netsvcs"
HKLM\SYSTEM\CurrentControlSet\Services\ERSvc\ObjectName: "LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Services\ERSvc\Start: 0x00000002
HKLM\SYSTEM\CurrentControlSet\Services\ERSvc\Type: 0x00000020
----------------------------------
Values added:146
----------------------------------
HKLM\SOFTWARE\Microsoft\ESENT\Process\6357\DEBUG\Trace Level: ""
HKLM\SOFTWARE\Microsoft\ESENT\Process\QQLpDp\DEBUG\Trace Level: ""
HKLM\SOFTWARE\Microsoft\ESENT\Process\WScript\DEBUG\Trace Level: ""
HKLM\SOFTWARE\Microsoft\Windows NT\ReportBootOk: 0x00000001
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Debugger: "ntsd -d"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe\Debugger: "ntsd -d"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE\Debugger: "ntsd -d"
...
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_5BC22F3A\0000\DeviceDesc: "5BC22F3A"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_5BC22F3A\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_APPMGMT\0000\Service: "AppMgmt"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_APPMGMT\0000\Legacy: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_APPMGMT\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_APPMGMT\0000\Class: "LegacyDriver"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_APPMGMT\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_APPMGMT\0000\DeviceDesc: "Application Management"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_APPMGMT\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KLAN\0000\Service: "klan"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KLAN\0000\Legacy: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KLAN\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KLAN\0000\Class: "LegacyDriver"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KLAN\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KLAN\0000\DeviceDesc: "klan"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KLAN\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\DMusic\ImagePath: "system32\DRIVERS\JM.sys"
HKLM\SYSTEM\CurrentControlSet\Services\5BC22F3A\Type: 0x00000010
HKLM\SYSTEM\CurrentControlSet\Services\5BC22F3A\Start: 0x00000002
HKLM\SYSTEM\CurrentControlSet\Services\5BC22F3A\ErrorControl: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\5BC22F3A\ImagePath: "C:\WINDOWS\Fonts\71947010.EXE -k"
HKLM\SYSTEM\CurrentControlSet\Services\5BC22F3A\DisplayName: "5BC22F3A"
HKLM\SYSTEM\CurrentControlSet\Services\5BC22F3A\ObjectName: "LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Services\5BC22F3A\Description: "312E91B4"
HKLM\SYSTEM\CurrentControlSet\Services\klan\Type: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\klan\Start: 0x00000002
HKLM\SYSTEM\CurrentControlSet\Services\klan\ErrorControl: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\klan\ImagePath: "\??\C:\WINDOWS\system32\drivers\klan.sys"
HKLM\SYSTEM\CurrentControlSet\Services\klan\DisplayName: "klan"
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\IeUpDate: "C:\Program Files\Internet Explorer\UpDate.exe"
HKCU\Software\WinRAR SFX\C%%DOCUME~1%ADMINI~1%LOCALS~1%Temp%: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\"
HKCU\SYSTEM\CurrentControlSet\Services\5BC22F3A\Description: "312E91B4"
HKCU\SYSTEM\CurrentControlSet\Services\5BC22F3A\DisplayName: "5BC22F3A"
HKCU\SYSTEM\CurrentControlSet\Services\5BC22F3A\ImagePath: "C:\WINDOWS\Fonts\71947010.EXE -k"
HKCU\SYSTEM\CurrentControlSet\Services\5BC22F3A\ObjectName: "LocalSystem"
----------------------------------
Values modified:8
----------------------------------
HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DoReport: 0x00000001
HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DoReport: 0x00000000
HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting\ShowUI: 0x00000001
HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting\ShowUI: 0x00000000
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: "C:\WINDOWS\system32\userinit.exe,"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: "C:\WINDOWS\system32\userinit.exe,D:\FlySoft\micsoft.exe"
HKLM\SYSTEM\CurrentControlSet\Services\AppMgmt\Start: 0x00000003
HKLM\SYSTEM\CurrentControlSet\Services\AppMgmt\Start: 0x00000002
----------------------------------
Files added:23
----------------------------------
C:\Documents and Settings\Administrator\Local Settings\Temp\2.vbs
C:\Documents and Settings\Administrator\Local Settings\Temp\6357.exe
C:\Program Files\AC3Filter\ws2help.dll
C:\Program Files\CCleaner\ws2help.dll
C:\Program Files\Common Files\System\debug.obj
C:\Program Files\Common Files\System\QQLpDp.exe
C:\Program Files\Common Files\ws2help.dll
C:\Program Files\Foxit Software\Foxit Reader\ws2help.dll
C:\Program Files\Greatis\Reanimator\ws2help.dll
C:\Program Files\Internet Explorer\UpDate.exe
C:\Program Files\IrfanView\ws2help.dll
C:\Program Files\K-Lite Codec Pack\ws2help.dll
C:\Program Files\Mozilla Firefox\uninstall\ws2help.dll
C:\Program Files\NeoSmart Technologies\ToolTipFixer\ws2help.dll
C:\Program Files\WinRAR\ws2help.dll
C:\WINDOWS\Fonts\312E91B4.DLL
C:\WINDOWS\Fonts\71947010.EXE
C:\WINDOWS\Fonts\s3sds212.dat
C:\WINDOWS\system32\dllcache\appmgmts.dll
C:\WINDOWS\system32\dllcache\fly7814.dll
C:\WINDOWS\system32\fly7814.dll
C:\WINDOWS\system32\micsoft.exe
C:\WINDOWS\system32\Web.ini
----------------------------------
Files [attributes?] modified:5
----------------------------------
C:\Documents and Settings\NetworkService\Cookies\index.dat
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\appmgmts.dll
----------------------------------
Folders added:0
----------------------------------
----------------------------------
Folders deleted:0
----------------------------------
----------------------------------
Folders attributes changed:2
----------------------------------
C:\Documents and Settings\NetworkService\Local Settings\History
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files
----------------------------------
Total changes:568
----------------------------------
-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:
Item Name: UserInit
Author: Unknown
Related File: C:\WINDOWS\system32\userinit.exe,D:\FlySoft\micsoft.exe
Type: UserInit Value
Item Name: 5BC22F3A
Author:
Related File: C:\WINDOWS\Fonts\71947010.EXE -k
Type: Auto Services
Item Name: APPMGMTS.DLL
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\APPMGMTS.DLL
Type: Infected System Files
Item Name: IeUpDate
Author: Unknown
Related File: C:\Program Files\Internet Explorer\UpDate.exe
Type: Registry RunOnce
Removal Results: Success
Number of reboots: 1
-------------------------------------------------------------------------------------
micsoft.exe
Antivirus Version Last Update Result
Avast 4.8.1335.0 2009.08.06 -
AVG 8.5.0.406 2009.08.06 Agent2.OWG
BitDefender 7.2 2009.08.06 -
Comodo 1888 2009.08.06 -
DrWeb 5.0.0.12182 2009.08.06 Trojan.MulDrop.33192
F-Secure 8.0.14470.0 2009.08.06 -
Kaspersky 7.0.0.125 2009.08.06 -
Microsoft 1.4903 2009.08.06 -
NOD32 4312 2009.08.06 a variant of Win32/Agent.PHX
Symantec 1.4.4.12 2009.08.06 Backdoor.Trojan
Additional information
File size: 118784 bytes
MD5 : 19457aa1f9c8f6551e58d40423d8e2e3
SHA1 : 05f96ed4583f4dab5b0b23549703a872044fcf8a
-------------------------------------------------------------------------------------
71947010.EXE
Antivirus Version Last Update Result
Avast 4.8.1335.0 2009.08.06 -
AVG 8.5.0.406 2009.08.07 -
BitDefender 7.2 2009.08.07 Win32.Worm.Winko.I
Comodo 1896 2009.08.07 -
DrWeb 5.0.0.12182 2009.08.07 -
F-Secure 8.0.14470.0 2009.08.07 -
Kaspersky 7.0.0.125 2009.08.07 -
Microsoft 1.4903 2009.08.07 TrojanDownloader:Win32/Agent.BA
NOD32 4314 2009.08.07 -
Symantec 1.4.4.12 2009.08.07 -
Additional information
File size: 176182 bytes
MD5 : 6bad37b8437d360284506b867ebc3737
SHA1 : 70f88e0926268246b95613adda4689cd1c6ced16
-------------------------------------------------------------------------------------
APPMGMTS.dll
Antivirus Version Last Update Result
Avast 4.8.1335.0 2009.08.05 -
AVG 8.5.0.406 2009.08.05 -
BitDefender 7.2 2009.08.05 Generic.Malware.P!dld!.AD86FDA3
Comodo 1876 2009.08.05 -
DrWeb 5.0.0.12182 2009.08.05 -
F-Secure 8.0.14470.0 2009.08.05 Trojan-Downloader.Win32.Clan.d
Kaspersky 7.0.0.125 2009.08.05 Trojan-Downloader.Win32.Clan.d
Microsoft 1.4903 2009.08.04 Trojan:Win32/Killav.DK
NOD32 4309 2009.08.05 Win32/TrojanDownloader.Agent.PJV
Symantec 1.4.4.12 2009.08.05 Trojan.KillAV
Additional information
File size: 9216 bytes
MD5 : 0992ac6365d96e0aeab21ca9b6faef77
SHA1 : 58ee7f8b08ddd393be649a1bd90e9806ffa357e6
-------------------------------------------------------------------------------------
UpDate.exe
Antivirus Version Last Update Result
Avast 4.8.1335.0 2009.08.05 -
AVG 8.5.0.406 2009.08.05 -
BitDefender 7.2 2009.08.05 Generic.Malware.SP!Pk!g.F69BA5F1
Comodo 1875 2009.08.05 -
F-Secure 8.0.14470.0 2009.08.05 -
Kaspersky 7.0.0.125 2009.08.05 Heur.AntiAV
Microsoft 1.4903 2009.08.04 PWS:Win32/Frethog.gen!C
NOD32 4309 2009.08.05 probably a variant of Win32/Genetik
Symantec 1.4.4.12 2009.08.05 -
Additional information
File size: 53899 bytes
MD5 : 15b3afc558c3e4f558d92589e99629ff
SHA1 : 9d4ce981ab90c7a5f1a2de75887ccf954c4de150
-------------------------------------------------------------------------------------
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
- First download the latest version of UnHackMe: Download UnHackMe.
- Open the archive and start unhackme_setup.exe.
- When the installation is over you will see the main UnHackMe screen.
- Click on the Advanced button and choose "Send report to the support center" in the popup menu. Follow the instructions.
The report file (regrunlog.txt) will be saved on your Desktop.
- Go to the Support Center.
Attach the report to your ticket: click on the Browse button and select the regrunlog.txt file.
Don't insert the report text directly into the message text! We won't be able to analyse such a report.
Describe your problem in detail. Add a screenshot, your antivirus log or suspicious files.
Constantly updated. Last update:
February 5 2012