Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

is-SG0QJ.exe Malware or Legit?

is-SG0QJ.exe Malware or Legit?

Post by defyal » June 26th, 2011, 11:20 am

Hi, the following occurred on the 18th but this is the first chance I've had to ask for help.

Back on the 18th I was updating my PC, a combination of Windows Updates and new versions of various software (Adobe Flash, Java, FileZilla, CCleaner, SpyBot, FF etc.). I got a bit behind on my maintenance due to work commitments.

After a restart from installing Windows Updates, and whilst I was updating Evernote, WinPatrol informed me that an app called is-SG0QJ.exe (in c:\windows) was trying to add itself to my startup list as a RunOnce.

I googled it and found no relevant results, so I checked out its file details (Right click->properties->details) and found the following:
Product Name: <BLANK>
Product Version: <BLANK>
Copyright: <BLANK>
Digitally Signed: NO
C-Time: 18th June '11 18:03:38
M-Time: 18th June '11 18:03:39
A-Time: 18th June '11 18:03:38

There are also two other files alongside this one with the same name but different file extensions (lst & msg).

With the file having no Product Name, Version or Copyright and not being digitally signed, I grew concerned and told WinPatrol not to allow it, but it popped up again. I denied it a few more times, but it kept popping back. To me that seems like it has a partner program continually trying to add it to the startup list.

I ran every anti-virus/spyware/malware etc. app I could think of. None found any infections. Then I came across this forum.

Am I just being overly paranoid about this or is there something to worry about?

Thank you for your help in advance.

================== DDS.txt ==================

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Dan at 16:11:26 on 2011-06-26
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.6143.2082 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\WBVista.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\7xcm1wyi.FF Beta\extensions\startup.service@mozilla.com\svc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Belkin Bulldog Plus\UPS-Service.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\User Program Files\2BrightSparks\SyncBackSE\SyncBackSE.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Belkin Bulldog Plus\UPS-Status.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Dan\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\Oracle\VIRTUA~1\VBoxSVC.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\Oracle\VIRTUA~1\VirtualBox.exe
C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeNotify.exe
C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\explorer.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = localhost;*.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\7xcm1wyi.FF Beta\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.87.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
uRun: [TrueCrypt] "C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe" /q preferences /a logon
uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Google Update] "C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
mRun: [<NO NAME>]
mRun: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [UPS-Status] C:\Program Files (x86)\Belkin Bulldog Plus\UPS-Status.exe
mRun: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Dan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Dan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\Dan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Pageant.lnk - C:\Program Files (x86)\PuTTY\pageant.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 79.98.39.170 79.98.39.162
TCP: Interfaces\{4C55D0AB-2172-4E77-998E-9B85B3363F30} : NameServer = 192.168.1.1
TCP: Interfaces\{C29C493F-DAB0-4D31-A381-99E211213339} : DhcpNameServer = 79.98.39.170 79.98.39.162
Notify: WBSrv - C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\PROGRA~2\COMMON~1\Stardock\mcpcore.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB-X64: FireShot: {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\7xcm1wyi.FF Beta\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.87.dll
EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
mRun-x64: [(Default)]
mRun-x64: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
mRun-x64: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun-x64: [UPS-Status] C:\Program Files (x86)\Belkin Bulldog Plus\UPS-Status.exe
mRun-x64: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SSODL-X64: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\PROGRA~2\COMMON~1\Stardock\mcpcore.dll
SSODL-X64: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 192.168.1.34 apollo.kdan.co.uk
Hosts: 192.168.1.34 blackatom.kdan.co.uk
Hosts: 192.168.1.34 crowdersonline.kdan.co.uk
Hosts: 192.168.1.34 koc.kdan.co.uk
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\7xcm1wyi.FF Beta\
FF - component: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\7xcm1wyi.FF Beta\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\7xcm1wyi.FF Beta\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: C:\Users\Dan\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Users\Dan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xx;mv61xx;C:\Windows\system32\DRIVERS\mv61xx.sys --> C:\Windows\system32\DRIVERS\mv61xx.sys [?]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Users\Dan\AppData\Local\Temp\SAS_SelfExtract\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Users\Dan\AppData\Local\Temp\SAS_SelfExtract\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-6-19 3246040]
R2 Firefox Service;Firefox Service;C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\7xcm1wyi.FF Beta\extensions\startup.service@mozilla.com\svc.exe [2011-4-3 83456]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-4-23 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-4-3 240232]
R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]
.
=============== Created Last 30 ================
.
2011-06-26 14:41:52 388096 ----a-r- C:\Users\Dan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-25 15:48:32 8873296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B8B87170-AB74-46BD-BCB3-4E34F51CC4AA}\mpengine.dll
2011-06-22 22:41:36 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-22 22:41:36 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-19 14:27:52 -------- d-----w- C:\Users\Dan\AppData\Roaming\SUPERAntiSpyware.com
2011-06-19 14:27:52 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-06-19 14:25:19 285280 ----a-w- C:\Windows\System32\drivers\afcdp.sys
2011-06-19 14:25:18 -------- d-----w- C:\Users\Dan\AppData\Roaming\6758F150-D9E5-4D28-82D1-7AEE74388C90
2011-06-19 14:25:10 970336 ----a-w- C:\Windows\System32\drivers\timntr.sys
2011-06-18 17:03:38 704512 ----a-w- C:\Windows\is-SG0QJ.exe
2011-06-18 14:57:40 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-06-18 14:57:40 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-06-18 14:49:24 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-17 23:23:23 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-17 23:23:22 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-06-17 23:23:17 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-17 23:23:17 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-06-17 23:23:17 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-06-17 23:23:13 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-06-17 23:23:11 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-06-17 23:23:11 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-06-17 23:23:11 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-06-17 23:22:06 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-06-17 23:22:06 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-06-17 23:21:37 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-06-17 23:21:37 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-06-15 19:34:53 -------- d-----w- C:\Users\Dan\AppData\Roaming\FireShot
2011-06-09 22:43:39 -------- d-----w- C:\Program Files (x86)\AirVideoServer
2011-06-08 19:25:24 -------- d-----w- C:\Program Files\iPod
2011-05-30 15:32:38 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-30 15:32:35 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-30 15:32:35 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-30 15:32:03 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-05-30 15:04:23 -------- d-----w- C:\Program Files\Bonjour
2011-05-30 12:04:31 -------- d-----w- C:\Users\Dan\AppData\Local\Growl_Extras
2011-05-28 16:33:12 -------- d-----w- C:\ProgramData\Soluto
.
==================== Find3M ====================
.
2011-06-19 14:26:43 2784608 ----a-w- C:\Windows\System32\auto_reactivate.exe
2011-06-19 14:25:12 1263200 ----a-w- C:\Windows\System32\drivers\tdrpm273.sys
2011-06-18 14:44:11 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2011-05-14 09:43:08 43520 ----a-w- C:\Windows\SysWow64\CmdLineExt03.dll
2011-05-02 19:40:49 69 ----atw- C:\Users\Dan\TCL5B38.tmp
2011-05-02 19:40:48 0 ----atw- C:\Users\Dan\TCL5AF8.tmp
2011-05-02 19:40:48 0 ----atw- C:\Users\Dan\TCL5A8A.tmp
2011-05-02 19:40:48 0 ----atw- C:\Users\Dan\TCL5A2B.tmp
2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-04-06 15:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 15:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 15:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 15:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
.
============= FINISH: 16:14:30.52 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 30/01/2010 23:18:06
System Uptime: 26/06/2011 15:20:43 (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5Q DELUXE
Processor: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz | LGA 775 | 2833/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
B: is FIXED (NTFS) - 932 GiB total, 101.209 GiB free.
C: is FIXED (NTFS) - 198 GiB total, 29.046 GiB free.
D: is CDROM ()
I: is FIXED (NTFS) - 466 GiB total, 171.124 GiB free.
R: is Removable
V: is FIXED (NTFS) - 1397 GiB total, 65.597 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP461: 19/05/2011 20:35:04 - Windows Update
RP463: 24/05/2011 19:27:01 - Windows Update
RP467: 28/05/2011 18:45:24 - Windows Update
RP472: 30/05/2011 15:28:44 - Removed iTuner
RP473: 30/05/2011 15:29:28 - Removed Growl iTunes Plug-in
RP474: 30/05/2011 15:33:45 - Removed Growl for Windows
RP475: 30/05/2011 16:32:54 - Windows Update
RP476: 05/06/2011 19:31:31 - Windows Update
RP477: 09/06/2011 22:30:58 - Windows Update
RP478: 13/06/2011 21:51:46 - Windows Update
RP479: 17/06/2011 18:40:31 - Windows Update
RP480: 18/06/2011 00:28:38 - Windows Update
RP481: 18/06/2011 15:37:56 - Installed Java(TM) 6 Update 26 (64-bit)
RP482: 18/06/2011 16:07:11 - Windows Update
RP485: 19/06/2011 13:02:31 - Removed Evernote v. 4.3
RP486: 19/06/2011 13:04:44 - Installed Evernote v. 4.4
RP487: 19/06/2011 18:50:04 - Installed OpenOffice.org 3.3
RP488: 22/06/2011 23:27:50 - Windows Update
RP489: 26/06/2011 15:34:20 - Installed HiJackThis
RP490: 26/06/2011 15:39:34 - Installed HiJackThis
.
==== Hosts File Hijack ======================
.
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 192.168.1.34 apollo.kdan.co.uk
Hosts: 192.168.1.34 blackatom.kdan.co.uk
Hosts: 192.168.1.34 crowdersonline.kdan.co.uk
Hosts: 192.168.1.34 koc.kdan.co.uk
Hosts: 192.168.1.34 zf.kdan.co.uk
Hosts: 192.168.1.34 doctrine.kdan.co.uk
Hosts: 192.168.1.34 appbase.kdan.co.uk
Hosts: 192.168.1.32 axia.defiant.kdan.co.uk
Hosts: 192.168.1.32 test.defiant.kdan.co.uk
Hosts: 192.168.1.32 powertoolspares.defiant.kdan.co.uk
Hosts: 192.168.1.32 completecareconsultants.defiant.kdan.co.uk
Hosts: 192.168.1.32 javascript.defiant.kdan.co.uk
Hosts: 192.168.1.32 raycare.defiant.kdan.co.uk
Hosts: 192.168.1.32 giftmouse.defiant.kdan.co.uk
.
==== Installed Programs ======================
.
Acronis True Image Home 2011
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.3 Professional
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Air Video Server 2.4.3
AnyDVD
Apple Application Support
Apple Software Update
Aspell English Dictionary-0.50-2
AVS DVDMenu Editor 1.2.1.19
AVS Video Tools 5.6
Belkin Bulldog Plus
CKRename
CSE HTML Validator Lite v6.52
DAEMON Tools Lite
Desktop Media 1.7
DesktopX
Digsby
Dropbox
DVD Shrink 3.2
eReg
erLT
Evernote v. 4.4
Fences Pro
File Shredder 2.0
FileHippo.com Update Checker
FileZilla Client 3.5.0
Git version 1.7.4-preview20110204
GNU Aspell 0.50-3
GnuCash 2.2.9
Google Chrome
GPGNet
GTK+ Runtime 2.14.7 rev a (remove only)
Handbrake 0.9.4
HiJackThis
HMA! Pro VPN 2.4.1
Host OpenAL (ADI)
HP USB Disk Storage Format Tool
IconDeveloper
IconPackager 5
ImgBurn
Impulse
iPhoneBrowser
Java Auto Updater
Java(TM) 6 Update 24
LastPass (uninstall only)
Launchy 2.1.2
Logitech Desktop Messenger
Logitech iTouch Software
Logitech Resource Center
LogonStudio
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mobile Mouse Server
Mozilla Embedded Browser version 3.0
Mozilla Firefox 5.0 (x86 en-US)
Notepad++
NuSphere PhpED version 5.8
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenOffice.org 3.3
OpenVPN 2.1.1
PDF Settings
php-5.2.9 for NuSphere PhpED
PHP 5.3.6
Php Documentor version 1.4.2 for NuSphere PhpED
Plus Pack for Acronis True Image Home 2011
Polystyle 2.0zo (trial) for NuSphere PhpED
PuTTY version 0.60
QuickTime
RollerCoaster Tycoon 3
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
SimCity 4 Deluxe
SkinStudio 7 Professional
SoundMAX
SpeedFan (remove only)
Spybot - Search & Destroy
Supreme Commander
SyncBackSE
System Monitor
TortoiseSVN 1.6.6.17493 (32 bit)
TreeSize Free V2.5
TrueCrypt
Tweak7
UltraVnc
Unity Web Player
VLC Connection Utility 2.50
VLC media player 1.1.5
WindowBlinds 7
WinMerge 2.12.4
WinRAR archiver
WinSCP 4.3.3
X3 Reunion v2.5
X3 Terran Conflict v3.1
XBMC
Xenu's Link Sleuth
Xvid 1.2.2 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
26/06/2011 15:27:42, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
26/06/2011 15:22:27, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
26/06/2011 15:06:36, Error: Service Control Manager [7016] - The NVIDIA Stereoscopic 3D Driver Service service has reported an invalid current state 0.
23/06/2011 23:12:40, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SDRSVC service.
23/06/2011 19:36:36, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================
defyal
Active Member
Posts: 3
Joined: June 26th, 2011, 10:59 am
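Added example, not part of the thread and not code from WinPatrol or DDS: a PowerShell script that gathers the same facts defyal read off the Properties dialog (version resource, Authenticode signature, timestamps, the companion files with the same base name) plus a SHA-256 hash, and then searches the Run and RunOnce keys in both registry views for any value that references the file. The path `C:\Windows\is-SG0QJ.exe` is taken from the post; the function names `Get-FileTriage` and `Get-RunKeyReferences` are chosen here. It assumes Windows PowerShell 3.0 or later.

```powershell
# Added example (not from the thread). Collects triage facts about one executable
# and lists any Run/RunOnce values that reference it.
param(
    # Default taken from the post; point it at the file you are examining.
    [string]$Path = 'C:\Windows\is-SG0QJ.exe'
)

function Get-FileTriage {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) { throw "File not found: $Path" }
    $item = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -FilePath $item.FullName

    # SHA-256 via .NET so the script does not depend on Get-FileHash (PowerShell 4+)
    $sha  = [System.Security.Cryptography.SHA256]::Create()
    $hash = ([System.BitConverter]::ToString($sha.ComputeHash([IO.File]::ReadAllBytes($item.FullName)))) -replace '-', ''

    # Companion files sharing the base name (the post mentions .lst and .msg)
    $siblings = Get-ChildItem -LiteralPath $item.DirectoryName -Filter "$($item.BaseName).*" |
        Where-Object { $_.FullName -ne $item.FullName } |
        Select-Object -ExpandProperty Name

    [pscustomobject]@{
        Path            = $item.FullName
        SizeBytes       = $item.Length
        Created         = $item.CreationTime
        Modified        = $item.LastWriteTime
        ProductName     = $item.VersionInfo.ProductName
        FileVersion     = $item.VersionInfo.FileVersion
        CompanyName     = $item.VersionInfo.CompanyName
        SignatureStatus = $sig.Status            # Valid, NotSigned, HashMismatch, NotTrusted ...
        Signer          = $sig.SignerCertificate.Subject
        SHA256          = $hash
        CompanionFiles  = ($siblings -join ', ')
    }
}

function Get-RunKeyReferences {
    # Returns every Run/RunOnce value whose command line mentions the file name.
    # Wow6432Node gives the 32-bit view when run from 64-bit PowerShell.
    param([Parameter(Mandatory)][string]$FileName)

    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }    # skip PSPath, PSParentPath, ... metadata
            if ("$($p.Value)" -like "*$FileName*") {
                [pscustomobject]@{ Key = $key; ValueName = $p.Name; Command = $p.Value }
            }
        }
    }
}

Get-FileTriage -Path $Path | Format-List
Get-RunKeyReferences -FileName ([IO.Path]::GetFileName($Path)) | Format-Table -AutoSize
```

An empty version resource and `NotSigned` on their own prove little, since plenty of small installer and uninstaller stubs ship that way; what the properties dialog cannot give you is a hash to look up and the exact command line under RunOnce, which shows what the file is being launched with and therefore which program keeps re-adding it.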

Re: is-SG0QJ.exe Malware or Legit?

Post by deltalima » June 28th, 2011, 1:02 pm

Hi defyal,

Is this computer used for business?
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: is-SG0QJ.exe Malware or Legit?

Post by defyal » June 28th, 2011, 3:47 pm

Hi Deltalima,

No it's not, why do you ask?

D
defyal
Active Member
Posts: 3
Joined: June 26th, 2011, 10:59 am

Re: is-SG0QJ.exe Malware or Legit?

Post by deltalima » June 28th, 2011, 3:58 pm

Hi defyal,

Hosts: 192.168.1.32 completecareconsultants.defiant.kdan.co.uk

What is the connection with kdan.co.uk?
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: is-SG0QJ.exe Malware or Legit?

Post by defyal » June 28th, 2011, 5:32 pm

Hi Deltalima,

Thanks for your quick response.

Kdan.co.uk is my short domain I use for my home network. It's my first name prefixed with the first letter of my last; the other way round would have been dank.co.uk, and I didn't like "dank". Defiant.kdan.co.uk is a VirtualBox VM on my PC.

I take it you're interested in kdan.co.uk because you think my PC is for business, which conflicts with "This forum was set up specifically to help home users, our volunteer helpers choose not to work on machines used for other purposes.". So let me list what I use my PC for (provided you believe me, of course):
* General web browsing
* Personal organisation
* Occasional Gaming (Xbox FTW)
* Playing with new Web technologies. HTML5 and CSS3 are my main interest ATM, but it can be anything relating to the web, such as Nginx+PHP-FPM. Some of the skills/lessons I learn here do benefit work.
* For work projects (rarely). Only when I've had no choice, closing deadline or bug discovered whilst I'm off. Can I be penalised for this?

Here is a list of all my HOSTS file entries, and their reasons for being:
apollo.kdan.co.uk - Was my old VM, defiant replaced it when I switched to Nginx + PHP-FPM
blackatom.kdan.co.uk - Was a project I was working on to help me manage my media library, got dropped in the end in favour of Media Companion
koc.kdan.co.uk - Kingdoms of Camelot (Facebook app) an app I created to help track the game. I don't play/use this any more.
zf.kdan.co.uk - From when I first started playing with Zend Framework
doctrine.kdan.co.uk - For when I first started playing with Doctrine ORM
appbase.kdan.co.uk - I can't quite remember, but I think this was for creating a base application structure with Zend Framework & Doctrine, which I was planning on using for all my projects from then on.
axia.defiant.kdan.co.uk - Axia is my PHP library/namespace containing personalised changes/improvements for both ZF and Doctrine.
test.defiant.kdan.co.uk - Test VHost from setting up defiant.
javascript.defiant.kdan.co.uk - Where I play with jQuery and other JavaScript frameworks/tools/ideas.

The following are from when I had to take work home (due to closing deadlines) or when I've been off but work rang with something for me to fix (the VPN connection is ****, so it's just easier to copy what I need using WinSCP, work locally, then push it back).
powertoolspares.defiant.kdan.co.uk
completecareconsultants.defiant.kdan.co.uk
raycare.defiant.kdan.co.uk
giftmouse.defiant.kdan.co.uk

I hope you decide to help me.

Thank you for your time,
D

Edit: Edited profanity
defyal
Active Member
Posts: 3
Joined: June 26th, 2011, 10:59 am
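Added example, not part of the thread: deltalima's question turned on what the HOSTS entries in the DDS log point at, and defyal's answer is that they are private 192.168.1.x addresses of development VMs. The function below does that first sorting step automatically for a helper reading such a log. It parses hosts-style lines (either the raw file or the `Hosts:` lines DDS prints) and labels each mapping as the default localhost entry, a name sinkholed to loopback, a private-LAN override (loopback or RFC 1918 ranges), or a redirection to a public address, which is the case worth a closer look. The sample lines are constructed from entries in the log above plus one made-up public mapping using a TEST-NET address; `Get-HostsAssessment` and `Test-PrivateIPv4` are names chosen here. Assumes Windows PowerShell 3.0 or later.

```powershell
# Added example (not from the thread). Classifies hosts-file mappings so that
# local lab overrides can be told apart from redirections that need review.

function Test-PrivateIPv4 {
    # True for loopback (127/8) and RFC 1918 space (10/8, 172.16/12, 192.168/16).
    # Expects a syntactically valid dotted-quad string.
    param([Parameter(Mandatory)][string]$Ip)
    $o = $Ip.Split('.') | ForEach-Object { [int]$_ }
    ($o[0] -eq 127) -or ($o[0] -eq 10) -or
    ($o[0] -eq 172 -and $o[1] -ge 16 -and $o[1] -le 31) -or
    ($o[0] -eq 192 -and $o[1] -eq 168)
}

function Get-HostsAssessment {
    # Takes hosts lines (raw file lines, or DDS "Hosts: <ip> <name>" lines) and
    # emits one record per host name with a verdict.
    param([Parameter(Mandatory)][string[]]$Lines)

    foreach ($raw in $Lines) {
        # Strip a DDS "Hosts:" prefix, then drop any trailing comment
        $line = (($raw -replace '^\s*Hosts:\s*', '') -split '#')[0].Trim()
        if (-not $line) { continue }
        $parts = $line -split '\s+'
        if ($parts.Count -lt 2) { continue }           # address with no names

        $ip   = $parts[0]
        $isV4 = $ip -match '^(\d{1,3}\.){3}\d{1,3}$'

        foreach ($name in $parts[1..($parts.Count - 1)]) {
            $verdict = if (-not $isV4) {
                'IPv6 or malformed address'
            } elseif ($ip -eq '127.0.0.1' -or $ip -eq '0.0.0.0') {
                if ($name -eq 'localhost') { 'default' } else { 'sinkholed (name blocked)' }
            } elseif (Test-PrivateIPv4 -Ip $ip) {
                'private LAN override'
            } else {
                'REVIEW: public IP redirection'
            }
            [pscustomobject]@{ IP = $ip; Name = $name; Verdict = $verdict }
        }
    }
}

# Constructed sample: three lines copied from the DDS log in this thread and one
# made-up mapping to a TEST-NET-3 documentation address to show the REVIEW verdict.
$sample = @(
    'Hosts: 127.0.0.1 www.spywareinfo.com',
    'Hosts: 192.168.1.34 apollo.kdan.co.uk',
    'Hosts: 192.168.1.32 test.defiant.kdan.co.uk',
    '203.0.113.7 example.com   # constructed entry, not from the log'
)
Get-HostsAssessment -Lines $sample | Format-Table IP, Name, Verdict -AutoSize

# Against the live file on the machine being examined:
# Get-HostsAssessment -Lines (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
```

The classification only narrows the question; a private-range entry still deserves the "what is this?" that deltalima asked, because a mapping to a LAN address is exactly what a local development setup and a tampered file can have in common. The public-address verdict is the one to prioritise, since a well-known site mapped to an address outside the LAN cannot be explained by a home lab.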

Re: is-SG0QJ.exe Malware or Legit?

Post by deltalima » June 28th, 2011, 5:43 pm

I see you are posting for help for a "Business" computer.

May I draw your attention to THIS topic, which you should have read before posting for help.

The section Posting for help for business machines explains why we do not offer help for such computers.

This topic is now closed
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK