
Unknown possible Virus/malware shutting down my Firewall


13 replies to this topic

#1 sspain

sspain

  • Members
  • 12 posts

Posted 12 June 2009 - 03:40 PM

I'm thinking I've got some sort of virus or malware on my computer as my Windows firewall keeps getting turned off without any action taken by me. Along with that I randomly get an error message saying:
C:\WINDOWS\Sysvxd.exe
The NTVDM CPU has encountered an illegal instruction.
Sc:0562 IP:06d0 OP:63 6f 6c 6f 72 Choose ‘Close’ to terminate the application.

I have no idea what it would be as my virus protection will not pick it up. It's not really a serious problem as the firewall gets shut down maybe only once or twice a day, and I am always able to immediately turn it back on, but it is definitely annoying, the random error message causes programs to crash, I don't know what it might be doing that I am unaware of, and I just generally want it off my computer.
Any help would be greatly appreciated.
Sean



DDS (Ver_09-05-14.01) - NTFSx86
Run by Sean at 16:22:29.00 on Fri 06/12/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2221 [GMT -4:00]

AV: Sophos Anti-Virus *On-access scanning enabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NBC Direct\DirectPlayerCore.exe
"C:\WINDOWS\system32\drivers\svchost.exe"
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Pando Networks\Media Booster\pmb.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sean\Local Settings\Temporary Internet Files\Content.IE5\DEHR40DX\dds[1].scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Steam] c:\program files\valve\steam\\Steam.exe -silent
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [DirectPlayerCore] "c:\program files\nbc direct\DirectPlayerCore.exe"
uRun: [SVCHOST.EXE] c:\windows\system32\drivers\svchost.exe
uRun: [nah_Shell] c:\documents and settings\sean\nah_uwyc.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [DeadAIM] rundll32.exe "c:\progra~1\aim\\DeadAIM.ocm",ExportedCheckODLs
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [U.S. Robotics Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoup~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sean\applic~1\mozilla\firefox\profiles\erwqgmkv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
FF - plugin: c:\program files\adobe\adobe acrobat 7.0\acrobat\browser\nppdf32.dll
FF - plugin: c:\program files\nbc direct\npDirectPlayerMozilla.dll

============= SERVICES / DRIVERS ===============

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2009-3-18 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2009-3-18 38528]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2009-5-7 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2008-8-21 98304]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2008-12-23 172032]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2009-3-19 39048]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-3-19 11520]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2009-3-18 14976]
S4 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-5-16 102400]

=============== Created Last 30 ================

2009-06-11 01:09 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 01:09 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-10 01:10 24,064 -------- c:\windows\system32\msxml3a.dll
2009-06-10 00:49 <DIR> --d----- c:\program files\VideoLAN
2009-06-08 22:20 <DIR> --d----- c:\program files\Roxio
2009-06-07 16:39 <DIR> --dsh--- c:\documents and settings\sean\IECompatCache
2009-06-07 16:36 <DIR> --dsh--- c:\documents and settings\sean\PrivacIE
2009-06-07 16:33 <DIR> --dsh--- c:\documents and settings\sean\IETldCache
2009-06-07 16:32 <DIR> --d----- c:\windows\ie8updates
2009-06-07 16:31 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-07 16:29 <DIR> -cd-h--- c:\windows\ie8
2009-06-05 19:42 61,457 a------- c:\windows\Sysvxd.exe
2009-06-05 18:02 75,776 a------- c:\documents and settings\sean\nah_uwyc.exe
2009-06-05 18:02 41,644 a------- c:\windows\system32\drivers\svchost.exe
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-03-28 17:07 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-03-23 12:13 130,104 a------- c:\windows\system32\sdccoinstaller.dll
2009-03-22 15:13 124,397 a------- c:\windows\HPHins12.dat
2009-03-19 21:54 364,544 a------- c:\windows\system32\WDBtnMgr.exe
2009-03-19 10:44 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-18 01:56 21,640 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 16:23:21.56 ===============
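The entries in the log above that a reviewer would look at first can be picked out mechanically. The script below is an added example for this thread, not part of DDS and not anything BleepingComputer or its Malware Response Team ships. It reads DDS-style log text and reports: a well-known system process name running from somewhere other than %SystemRoot%\system32, an autorun or process launching from a user-profile root, executables sitting directly in %SystemRoot% or an .exe inside the drivers directory, and several executables created in the same minute. The sample text is an excerpt of the first log posted above; the rule set (SYSTEM_BINARIES, the location checks, the same-minute cluster) is this example's own assumption about what is worth a second look, and its hits are review candidates rather than verdicts.

```python
"""Triage heuristics for DDS-style log text (added example, not a DDS feature)."""
import re
from collections import defaultdict

# Process names Windows itself only runs from %SystemRoot%\system32 (example's own list)
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "smss.exe", "spoolsv.exe"}
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".ocx")
SYSTEM32 = r"c:\windows\system32"

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")                      # "=== Running Processes ==="
RUN_RE = re.compile(r"^(uRun|mRun): \[([^\]]*)\]\s*(.*)$")          # "uRun: [name] command"
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\S+\s+\S+\s+(.+)$")
# A drive-letter path, stopped at a -flag, a ",EntryPoint" suffix, a closing quote or end of line
PATH_RE = re.compile(r'([a-z]:\\[^"\n]*?)(?=\s+-\w|,|"|$)', re.I)

# Excerpt of the first DDS log in this thread (lines copied from the post above)
SAMPLE_LOG = r"""
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
"C:\WINDOWS\system32\drivers\svchost.exe"
C:\Program Files\Sophos\AutoUpdate\ALMon.exe

============== Pseudo HJT Report ===============

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SVCHOST.EXE] c:\windows\system32\drivers\svchost.exe
uRun: [nah_Shell] c:\documents and settings\sean\nah_uwyc.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [<NO NAME>]

=============== Created Last 30 ================

2009-06-11 01:09 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-07 16:32 <DIR> --d----- c:\windows\ie8updates
2009-06-05 19:42 61,457 a------- c:\windows\Sysvxd.exe
2009-06-05 18:02 75,776 a------- c:\documents and settings\sean\nah_uwyc.exe
2009-06-05 18:02 41,644 a------- c:\windows\system32\drivers\svchost.exe
"""


def extract_path(text):
    """First drive-letter path in a log line, lower-cased, with quotes and trailing arguments dropped."""
    m = PATH_RE.search(text)
    return m.group(1).strip().lower() if m else None


def split_path(path):
    directory, _, name = path.rpartition("\\")
    return directory, name


def check_masquerade(path):
    """A system-process name that is not running from %SystemRoot%\\system32."""
    directory, name = split_path(path)
    if name in SYSTEM_BINARIES and directory != SYSTEM32:
        return "system binary name outside system32: " + path
    return None


def check_location(path):
    """Executables in places where legitimately installed software rarely lives."""
    directory, name = split_path(path)
    if not name.endswith(EXEC_EXT):
        return None
    if re.fullmatch(r"c:\\documents and settings\\[^\\]+", directory):
        return "executable in a user-profile root: " + path
    if directory == r"c:\windows":
        return "executable directly in %SystemRoot%: " + path
    if directory == SYSTEM32 + r"\drivers" and name.endswith(".exe"):
        return ".exe inside the drivers directory: " + path
    return None


RULES = (check_masquerade, check_location)


def triage(log_text):
    """Return a list of (source, reason) findings for DDS-style log text."""
    findings = []
    created_at = defaultdict(list)   # minute -> executables created in that minute
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).lower()
            continue
        if section == "running processes":
            path = extract_path(line)
            if path:
                findings += [("process", r) for r in (rule(path) for rule in RULES) if r]
        elif section == "pseudo hjt report":
            run = RUN_RE.match(line)
            if run:
                path = extract_path(run.group(3))
                if path:
                    findings += [(run.group(1), r) for r in (rule(path) for rule in RULES) if r]
        elif section == "created last 30":
            created = CREATED_RE.match(line)
            if created:
                minute, path = created.group(1), created.group(2).lower()
                findings += [("created", r) for r in (rule(path) for rule in RULES) if r]
                if path.endswith(EXEC_EXT):
                    created_at[minute].append(path)
    # Several executables appearing in the same minute usually share one origin
    for minute, paths in sorted(created_at.items()):
        if len(paths) > 1:
            findings.append(("cluster", f"{len(paths)} executables created at {minute}: " + ", ".join(paths)))
    return findings


if __name__ == "__main__":
    for source, reason in triage(SAMPLE_LOG):
        print(f"[{source}] {reason}")
```

Run against the excerpt, the script lists the drivers\svchost.exe process and its uRun entry, the nah_uwyc.exe autorun and file, Sysvxd.exe in the Windows directory, and the two executables created at 2009-06-05 18:02, while the genuine system32 svchost, spoolsv and ctfmon entries produce nothing. The location rule is deliberately coarse: on the full log it would also list c:\windows\BCMSMMSG.exe, which is why the output is a list to review alongside the helper's MBAM and GMER results rather than a list to delete.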


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 20 June 2009 - 08:35 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 sspain

sspain
  • Topic Starter

  • Members
  • 12 posts

Posted 21 June 2009 - 12:42 PM

Yes, I am still having the problem. All I can notice still is that my firewall is continuously shut down without any action made by me, and I continue to get the error message reading:

C:\WINDOWS\Sysvxd.exe
The NTVDM CPU has encountered an illegal instruction.
Sc:0562 IP:06d0 OP:63 6f 6c 6f 72 Choose ‘Close’ to terminate the application.

I have run a Sophos scan and it hasn't picked up anything.



DDS (Ver_09-05-14.01) - NTFSx86
Run by Sean at 13:30:18.82 on Sun 06/21/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2398 [GMT -4:00]

AV: Sophos Anti-Virus *On-access scanning enabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Valve\Steam\Steam.exe
"C:\WINDOWS\system32\drivers\svchost.exe"
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sean\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Steam] c:\program files\valve\steam\\Steam.exe -silent
uRun: [SVCHOST.EXE] c:\windows\system32\drivers\svchost.exe
uRun: [nah_Shell] c:\documents and settings\sean\nah_uwyc.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [DeadAIM] rundll32.exe "c:\progra~1\aim\\DeadAIM.ocm",ExportedCheckODLs
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [U.S. Robotics Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoup~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sean\applic~1\mozilla\firefox\profiles\erwqgmkv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
FF - plugin: c:\program files\adobe\adobe acrobat 7.0\acrobat\browser\nppdf32.dll
FF - plugin: c:\program files\nbc direct\npDirectPlayerMozilla.dll

============= SERVICES / DRIVERS ===============

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2009-3-18 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2009-3-18 38528]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2009-5-7 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2008-8-21 98304]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2008-12-23 172032]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2009-3-19 39048]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-3-19 11520]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2009-3-18 14976]
S4 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-5-16 102400]

=============== Created Last 30 ================

2009-06-16 19:41 <DIR> --d----- c:\program files\NifTools
2009-06-16 17:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PopCap
2009-06-16 14:26 25 a------- c:\windows\popcinfot.dat
2009-06-16 14:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PopCap Games
2009-06-16 14:24 <DIR> --d----- c:\program files\PopCap Games
2009-06-15 21:44 <DIR> --d----- C:\Python26
2009-06-15 21:42 <DIR> --d----- c:\program files\Blender Foundation
2009-06-11 01:09 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 01:09 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-10 01:10 24,064 -------- c:\windows\system32\msxml3a.dll
2009-06-10 00:49 <DIR> --d----- c:\program files\VideoLAN
2009-06-08 22:20 <DIR> --d----- c:\program files\Roxio
2009-06-07 16:39 <DIR> --dsh--- c:\documents and settings\sean\IECompatCache
2009-06-07 16:36 <DIR> --dsh--- c:\documents and settings\sean\PrivacIE
2009-06-07 16:33 <DIR> --dsh--- c:\documents and settings\sean\IETldCache
2009-06-07 16:32 <DIR> --d----- c:\windows\ie8updates
2009-06-07 16:31 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-07 16:29 <DIR> -cd-h--- c:\windows\ie8
2009-06-05 19:42 22,521 a------- c:\windows\Sysvxd.exe
2009-06-05 18:02 75,776 a------- c:\documents and settings\sean\nah_uwyc.exe
2009-06-05 18:02 41,644 a------- c:\windows\system32\drivers\svchost.exe
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-14 22:42 2,134,016 a------- c:\windows\system32\python26.dll
2009-03-28 17:07 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-03-19 10:53 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009031920090320\index.dat

============= FINISH: 13:31:11.71 ===============


#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 24 June 2009 - 02:36 PM

Hello sspain,

Please follow all directions as given. Please make no further changes to your computer unless instructed to. Doing so could further harm or increase the amount of time it takes to fix your machine.

1.
Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

2.
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Things to include in your next reply:
MBAM log
GMER log
DDS txt.
How is your computer running now?
Still getting that error message?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!
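For the GMER log requested in step 2, the following triage helper is an added example, not part of this thread and not GMER's own code. It parses the three record types GMER prints (SSDT hooks, inline ".text" hooks, and "?" entries for drivers whose file cannot be found) and separates hooks that resolve to a module from an allow-listed vendor (assumed here: Sophos Plc and Microsoft Corporation) from everything else; the EXAMPLE.DLL line and the unattributed explorer.exe line in the sample are constructed.

```python
"""Triage of GMER rootkit-scan output (added example; not GMER's own code).

GMER lists every SSDT and inline hook it sees. On a machine running an AV
with HIPS, most hooks legitimately point into that vendor's modules, so the
useful first pass is: which hooks do NOT resolve to a trusted vendor, and
which kernel drivers are listed but cannot be found on disk?

Caveat: the vendor string comes from the module's version resource, which
malware can copy, so the allow-list is a triage aid, not proof of safety.
"""
import re
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# SSDT <module> (<description>/<vendor>) <NtFunction> [<address>]
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+\((?P<desc>[^/]+)/(?P<vendor>[^)]+)\)"
    r"\s+(?P<func>\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]"
)
# .text <process>[<pid>] <dll>!<export> <addr> <n> Bytes JMP <target> [<module> (<desc>/<vendor>)]
TEXT_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<dll>[\w.]+)!(?P<export>\w+)"
    r"\s+(?P<addr>[0-9A-Fa-f]+)\s+(?P<n>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)"
    r"(?:\s+(?P<module>\S+)\s+\((?P<desc>[^/]+)/(?P<vendor>[^)]+)\))?\s*$"
)
# ? <driver> The system cannot find the file specified. !
MISSING_RE = re.compile(r"^\?\s+(?P<driver>\S+)\s+The system cannot find the file specified\.\s*!")

# Assumed allow-list for this machine (Sophos is the installed AV per the DDS header).
TRUSTED_VENDORS: FrozenSet[str] = frozenset({"Sophos Plc", "Microsoft Corporation"})


@dataclass
class Finding:
    kind: str              # "ssdt", "inline" or "missing-driver"
    where: str             # hooked function (with process for inline hooks) or driver name
    module: Optional[str]  # module the hook jumps into; None if GMER printed none
    vendor: Optional[str]
    trusted: bool          # True only when the vendor is on the allow-list


def triage(log_text: str, trusted: FrozenSet[str] = TRUSTED_VENDORS) -> List[Finding]:
    """Parse every recognised GMER line; headers and other lines are ignored."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            vendor = m.group("vendor").strip()
            findings.append(Finding("ssdt", m.group("func"), m.group("module"), vendor, vendor in trusted))
            continue
        m = TEXT_RE.match(line)
        if m:
            vendor = m.group("vendor").strip() if m.group("vendor") else None
            where = f'{m.group("proc")}[{m.group("pid")}] {m.group("dll")}!{m.group("export")}'
            is_trusted = vendor is not None and vendor in trusted
            findings.append(Finding("inline", where, m.group("module"), vendor, is_trusted))
            continue
        m = MISSING_RE.match(line)
        if m:
            # A driver the kernel knows about but the file system cannot find: always review.
            findings.append(Finding("missing-driver", m.group("driver"), None, None, False))
    return findings


def needs_attention(findings: List[Finding]) -> List[Finding]:
    """Everything not attributable to an allow-listed vendor, plus missing drivers."""
    return [f for f in findings if not f.trusted]


def summarize(findings: List[Finding]) -> dict:
    hooks = [f for f in findings if f.kind != "missing-driver"]
    return {
        "hooks": len(hooks),
        "untrusted_hooks": sum(1 for f in hooks if not f.trusted),
        "missing_drivers": sum(1 for f in findings if f.kind == "missing-driver"),
    }


# Sample input: three lines copied from the log in this thread plus two constructed lines
# (an unknown-vendor module, and a hook GMER could not attribute to any module).
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwCreateKey [0xB7B72FA0]
? iobjovc.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 552FAC90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[920] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A40E50 C:\WINDOWS\system32\EXAMPLE.DLL (Example Helper/Example Vendor)
.text C:\WINDOWS\explorer.exe[1500] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B10000
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print(summarize(found))
    for f in needs_attention(found):
        print(f"{f.kind:15} {f.where:60} -> {f.module or '(no module)'} [{f.vendor or 'unknown vendor'}]")
```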


#5 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:24 AM

Posted 28 June 2009 - 09:54 AM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.

Thanks for understanding.

With Regards,
fireman4it



#6 sspain

sspain
  • Topic Starter

  • Members
  • 12 posts
  • Local time:07:24 AM

Posted 28 June 2009 - 11:38 AM

Sorry, I was waiting a few days to see if the message ever came back or my firewall got shut down again. So far so good.


Malwarebytes' Anti-Malware 1.38
Database version: 2330
Windows 5.1.2600 Service Pack 3

6/24/2009 5:30:55 PM
mbam-log-2009-06-24 (17-30-55).txt

Scan type: Quick Scan
Objects scanned: 93205
Time elapsed: 7 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nah_shell (Trojan.Hanam) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Sysvxd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Sean\nah_uwyc.exe (Trojan.Hanam) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\chrome\amba.jar (Trojan.Hanam) -> Quarantined and deleted successfully.




GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-24 23:07:58
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwCreateKey [0xB7B72FA0]
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwDeleteKey [0xB7B730F6]
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwSetValueKey [0xB7B7315C]

---- Kernel code sections - GMER 1.0.15 ----

? iobjovc.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 552FAB70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 552FAA90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 552FAAF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 552FAC30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 552FAA70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 552FAA50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 552FAB90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 552FAAD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 552FAC50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 552FAC10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 552FABB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1136] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 552FADB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1136] WS2_32.dll!bind 71AB4480 5 Bytes JMP 552FAD90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1136] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 552FADD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1136] WS2_32.dll!send 71AB4C27 5 Bytes JMP 552FAE50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1136] WS2_32.dll!recv 71AB676F 5 Bytes JMP 552FAE30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1136] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 552FAD50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1136] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 552FAD30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1136] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 552FAE10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1136] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 552FADF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1136] WS2_32.dll!accept 71AC1040 5 Bytes JMP 552FAD70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1136] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 552FAD10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1136] WININET.dll!InternetQueryDataAvailable 3D94C067 5 Bytes JMP 552FACF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1136] WININET.dll!InternetOpenA 3D95D6C0 5 Bytes JMP 552FACB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1136] WININET.dll!InternetOpenUrlA 3D95F3D4 5 Bytes JMP 552FACD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 552F4FF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 552FAC90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 552FAA10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 552FABF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 552FABD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 552FAB50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 552FAB30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 552FAB10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 552FAC70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 552FAA30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 552FB880 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 552FAB70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 552FAA90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 552FAAF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 552FAC30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 552FAA70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 552FAA50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 552FAB90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 552FAAD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 552FAC50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 552FAC10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 552FABB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 552FAD10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] WININET.dll!InternetQueryDataAvailable 3D94C067 5 Bytes JMP 552FACF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] WININET.dll!InternetOpenA 3D95D6C0 5 Bytes JMP 552FACB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] WININET.dll!InternetOpenUrlA 3D95F3D4 5 Bytes JMP 552FACD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 552FADB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] WS2_32.dll!bind 71AB4480 5 Bytes JMP 552FAD90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 552FADD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] WS2_32.dll!send 71AB4C27 5 Bytes JMP 552FAE50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] WS2_32.dll!recv 71AB676F 5 Bytes JMP 552FAE30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 552FAD50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 552FAD30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 552FAE10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 552FADF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[1492] WS2_32.dll!accept 71AC1040 5 Bytes JMP 552FAD70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 552F4FF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 552FAC90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 552FAA10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 552FABF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 552FABD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 552FAB50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 552FAB30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 552FAB10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 552FAC70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 552FAA30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 552FB880 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 552FAAB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 552FAB70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 552FAA90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 552FAAF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 552FAC30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 552FAA70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 552FAA50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 552FAB90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 552FAAD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 552FAC50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 552FAC10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 552FABB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 552FADB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] WS2_32.dll!bind 71AB4480 5 Bytes JMP 552FAD90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 552FADD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] WS2_32.dll!send 71AB4C27 5 Bytes JMP 552FAE50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] WS2_32.dll!recv 71AB676F 5 Bytes JMP 552FAE30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 552FAD50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 552FAD30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 552FAE10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 552FADF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] WS2_32.dll!accept 71AC1040 5 Bytes JMP 552FAD70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 552F4FF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 552FAC90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 552FAA10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 552FABF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 552FABD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 552FAB50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 552FAB30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 552FAB10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 552FAC70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 552FAA30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 552FB880 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 552FAAB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 552FAB70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 552FAA90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 552FAAF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 552FAC30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 552FAA70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 552FAA50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 552FAB90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 552FAAD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 552FAC50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 552FAC10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 552FABB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 552FADB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] WS2_32.dll!bind 71AB4480 5 Bytes JMP 552FAD90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 552FADD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] WS2_32.dll!send 71AB4C27 5 Bytes JMP 552FAE50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] WS2_32.dll!recv 71AB676F 5 Bytes JMP 552FAE30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 552FAD50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 552FAD30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 552FAE10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 552FADF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1976] WS2_32.dll!accept 71AC1040 5 Bytes JMP 552FAD70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2412] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 552F4FF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2412] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 552FAC90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2412] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 552FAA10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2412] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 552FABF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2412] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 552FABD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2412] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 552FAB50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2412] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 552FAB30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2412] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 552FAB10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2412] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 552FAC70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2412] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 552FAA30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2412] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 552FB880 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2412] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 552FAAB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2412] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 552FAB70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2412] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 552FAA90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2412] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 552FAAF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2412] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 552FAC30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2412] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 552FAA70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2412] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 552FAA50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2412] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 552FAB90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2412] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 552FAAD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2412] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 552FAC50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2412] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 552FAC10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2412] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 552FABB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort1 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort2 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-19 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)

---- EOF - GMER 1.0.15 ----



DDS (Ver_09-06-26.01) - NTFSx86
Run by Sean at 12:31:20.92 on Sun 06/28/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2425 [GMT -4:00]

AV: Sophos Anti-Virus *On-access scanning enabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Sean\Local Settings\Temporary Internet Files\Content.IE5\MQ2PUQ72\dds[1].scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [DeadAIM] rundll32.exe "c:\progra~1\aim\\DeadAIM.ocm",ExportedCheckODLs
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [U.S. Robotics Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoup~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sean\applic~1\mozilla\firefox\profiles\erwqgmkv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
FF - plugin: c:\program files\adobe\adobe acrobat 7.0\acrobat\browser\nppdf32.dll
FF - plugin: c:\program files\nbc direct\npDirectPlayerMozilla.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2009-3-18 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2009-3-18 38528]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2009-5-7 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2008-8-21 98304]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2008-12-23 172032]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2009-3-19 39048]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-3-19 11520]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2009-3-18 14976]
S4 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-5-16 102400]

=============== Created Last 30 ================

2009-06-24 17:51 <DIR> --d-h--- c:\windows\PIF
2009-06-24 17:20 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-24 17:20 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-24 17:20 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-22 19:23 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-22 19:23 22,328 a------- c:\docume~1\sean\applic~1\PnkBstrK.sys
2009-06-22 19:23 107,832 a------- c:\windows\system32\PnkBstrB.exe
2009-06-22 19:23 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-06-22 19:23 2,250,024 a------- c:\windows\system32\pbsvc.exe
2009-06-22 02:09 <DIR> --d----- c:\program files\SlySoft
2009-06-21 17:52 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-06-21 17:52 60,273 a------- c:\windows\system32\pthreadGC2.dll
2009-06-21 17:52 14,336 a------- c:\windows\system32\ff_vfw.dll
2009-06-21 17:38 <DIR> --d----- c:\program files\ffdshow
2009-06-16 19:41 <DIR> --d----- c:\program files\NifTools
2009-06-16 17:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PopCap
2009-06-16 14:26 48 a------- c:\windows\popcinfot.dat
2009-06-16 14:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PopCap Games
2009-06-16 14:24 <DIR> --d----- c:\program files\PopCap Games
2009-06-15 21:44 <DIR> --d----- C:\Python26
2009-06-15 21:42 <DIR> --d----- c:\program files\Blender Foundation
2009-06-11 01:09 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 01:09 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-10 01:10 24,064 -------- c:\windows\system32\msxml3a.dll
2009-06-10 00:49 <DIR> --d----- c:\program files\VideoLAN
2009-06-08 22:20 <DIR> --d----- c:\program files\Roxio
2009-06-07 16:39 <DIR> --dsh--- c:\documents and settings\sean\IECompatCache
2009-06-07 16:36 <DIR> --dsh--- c:\documents and settings\sean\PrivacIE
2009-06-07 16:33 <DIR> --dsh--- c:\documents and settings\sean\IETldCache
2009-06-07 16:32 <DIR> --d----- c:\windows\ie8updates
2009-06-07 16:31 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-07 16:29 <DIR> -cd-h--- c:\windows\ie8

==================== Find3M ====================

2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-14 22:42 2,134,016 a------- c:\windows\system32\python26.dll
2009-03-19 10:53 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009031920090320\index.dat

============= FINISH: 12:31:41.42 ===============

#7 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 29 June 2009 - 07:03 PM

Hello sspain,

1. Revealing hidden files

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

2. Use Windows Explorer to find and delete these files and folders:

c:\documents and settings\allusers\application data\PopCap Games
c:\program files\PopCap Games
c:\documents and settings\allusers\application data\PopCap
c:\windows\popcinfot.dat


As an example:
To delete C:\WINDOWS\badfile.dll
Double click the My Computer icon on your Desktop, or press the Windows key + E.
Double click on Local Disk (C:\)
Double click on the Windows folder.
Right click on badfile.dll and then, from the menu that appears, click on Delete.


3. Hiding hidden files

Please set your system to hide all hidden files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
Check: Hide file extensions for known file types
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.

4. Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now, under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Things to include in your next reply:
Were you able to delete the folders from above?
Kaspersky log
DDS txt
How is your machine running now? Any sign or symptoms of infection?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 03 July 2009 - 05:36 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.

Thanks for understanding.

With Regards,
fireman4it


#9 sspain (Topic Starter)

Posted 04 July 2009 - 02:15 AM

Sorry about that. I was waiting for any sign of infection. So far there's been nothing.
Yes, I was able to delete the files.


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, June 30, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, June 30, 2009 03:38:35
Records in database: 2403678
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 181445
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 03:36:32


File name / Threat name / Threats count
C:\cleanup.exe Infected: Trojan.Win32.Zapchast.uy 1

The selected area was scanned.




DDS (Ver_09-06-26.01) - NTFSx86
Run by Sean at 2:28:43.56 on Sat 07/04/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2333 [GMT -4:00]

AV: Sophos Anti-Virus *On-access scanning enabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Documents and Settings\Sean\Local Settings\Temporary Internet Files\Content.IE5\EYK9RSZ2\dds[1].scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [DeadAIM] rundll32.exe "c:\progra~1\aim\\DeadAIM.ocm",ExportedCheckODLs
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [U.S. Robotics Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoup~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sean\applic~1\mozilla\firefox\profiles\erwqgmkv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
FF - plugin: c:\program files\adobe\adobe acrobat 7.0\acrobat\browser\nppdf32.dll
FF - plugin: c:\program files\nbc direct\npDirectPlayerMozilla.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2009-3-18 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2009-3-18 38528]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2009-5-7 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2008-8-21 98304]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2009-6-11 172032]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2009-3-19 39048]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-3-19 11520]
S4 Pmepis12sia;Pmepis12sia; [x]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2009-3-18 14976]
S4 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-5-16 102400]

=============== Created Last 30 ================

2009-07-01 14:44 <DIR> --d----- c:\docume~1\sean\applic~1\Microsoft Games
2009-07-01 04:29 319 a------- c:\windows\game.ini
2009-06-30 18:23 551 a------- c:\windows\eReg.dat
2009-06-30 18:00 <DIR> --d----- c:\program files\EA GAMES
2009-06-30 17:47 223,128 a------- c:\windows\system32\drivers\dtscsi.sys
2009-06-30 17:43 643,072 a------- c:\windows\system32\drivers\sptd.sys
2009-06-30 17:43 96,384 a------- c:\windows\system32\drivers\sptd9885.sys
2009-06-24 17:51 <DIR> --d-h--- c:\windows\PIF
2009-06-24 17:20 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-24 17:20 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-24 17:20 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-22 19:23 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-22 19:23 22,328 a------- c:\docume~1\sean\applic~1\PnkBstrK.sys
2009-06-22 19:23 107,832 a------- c:\windows\system32\PnkBstrB.exe
2009-06-22 19:23 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-06-22 19:23 2,250,024 a------- c:\windows\system32\pbsvc.exe
2009-06-22 02:09 <DIR> --d----- c:\program files\SlySoft
2009-06-21 17:52 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-06-21 17:52 60,273 a------- c:\windows\system32\pthreadGC2.dll
2009-06-21 17:52 14,336 a------- c:\windows\system32\ff_vfw.dll
2009-06-21 17:38 <DIR> --d----- c:\program files\ffdshow
2009-06-16 19:41 <DIR> --d----- c:\program files\NifTools
2009-06-15 21:44 <DIR> --d----- C:\Python26
2009-06-15 21:42 <DIR> --d----- c:\program files\Blender Foundation
2009-06-11 01:09 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 01:09 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-10 01:10 24,064 -------- c:\windows\system32\msxml3a.dll
2009-06-10 00:49 <DIR> --d----- c:\program files\VideoLAN
2009-06-08 22:20 <DIR> --d----- c:\program files\Roxio
2009-06-07 16:39 <DIR> --dsh--- c:\documents and settings\sean\IECompatCache
2009-06-07 16:36 <DIR> --dsh--- c:\documents and settings\sean\PrivacIE
2009-06-07 16:33 <DIR> --dsh--- c:\documents and settings\sean\IETldCache
2009-06-07 16:32 <DIR> --d----- c:\windows\ie8updates
2009-06-07 16:31 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-07 16:29 <DIR> -cd-h--- c:\windows\ie8

==================== Find3M ====================

2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-14 22:42 2,134,016 a------- c:\windows\system32\python26.dll
2009-03-19 10:53 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009031920090320\index.dat

============= FINISH: 2:29:21.45 ===============
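A triage pass over a DDS report of the kind posted above, added here as an example (it is not code from this thread or from the DDS tool). It splits the log on its "====" section headers and flags the three kinds of entry a helper usually checks first: a process image running from a temp or browser-cache folder, a service row whose image path DDS prints as "[x]", and a new binary created directly in the Windows or system32 directory. The section names and row layout come from the logs in this thread; the flagging rules, and the reading of "[x]" as a missing file, are this example's own assumptions.

```python
import re
from typing import Dict, List, NamedTuple

# Excerpt of the DDS report posted in this thread (the log the helper reviewed).
SAMPLE_DDS = r"""
DDS (Ver_09-06-26.01) - NTFSx86
Run by Sean at 2:28:43.56 on Sat 07/04/2009

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Documents and Settings\Sean\Local Settings\Temporary Internet Files\Content.IE5\EYK9RSZ2\dds[1].scr

============= SERVICES / DRIVERS ===============

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2009-3-18 110848]
S4 Pmepis12sia;Pmepis12sia; [x]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2009-3-18 14976]

=============== Created Last 30 ================

2009-06-30 17:43 643,072 a------- c:\windows\system32\drivers\sptd.sys
2009-06-24 17:20 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-22 19:23 2,250,024 a------- c:\windows\system32\pbsvc.exe
2009-06-16 14:26 48 a------- c:\windows\popcinfot.dat

==================== Find3M ====================
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Created Last 30 rows: <date time> <size or <DIR>> <8 attribute flags> <path>
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S{8})\s+(.+)$")

# Review heuristics: assumptions of this example, not part of DDS.
BINARY_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx", ".com")
SYSTEM_DIRS = ("c:\\windows\\", "c:\\windows\\system32\\")
TEMP_MARKERS = ("\\temporary internet files\\", "\\temp\\")


class Finding(NamedTuple):
    section: str
    reason: str
    entry: str


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group the non-empty lines of a DDS log under the '==== Name ====' header above them."""
    sections: Dict[str, List[str]] = {}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def in_system_dir(path: str) -> bool:
    """True when the file sits directly in c:\\windows or c:\\windows\\system32 (not a subfolder)."""
    lower = path.lower()
    return any(lower.startswith(d) and "\\" not in lower[len(d):] for d in SYSTEM_DIRS)


def triage(text: str) -> List[Finding]:
    """Return the log entries a helper would look at first; each hit is a review item, not a verdict."""
    sections = split_sections(text)
    findings: List[Finding] = []

    # A process image under the browser cache or a temp folder is unusual for installed software.
    # The DDS scanner itself trips this when it is run straight from the browser, as in this thread.
    for proc in sections.get("Running Processes", []):
        if any(marker in proc.lower() for marker in TEMP_MARKERS):
            findings.append(Finding("Running Processes", "image runs from a temporary or cache directory", proc))

    # Service rows: "<start> <name>;<display name>;<image path> [<date> <size>]".
    # Assumed here: DDS prints "[x]" in place of the path when the image file is not on disk,
    # i.e. a registered service whose binary is gone, which is worth checking.
    for svc in sections.get("SERVICES / DRIVERS", []):
        parts = svc.split(";", 2)
        if len(parts) == 3 and parts[2].strip() == "[x]":
            findings.append(Finding("SERVICES / DRIVERS", "service or driver entry whose image file is missing", svc))

    # New executables dropped straight into the Windows or system32 directory deserve a look;
    # legitimate installers do this too (pbsvc.exe here), so it is a prompt, not proof.
    for row in sections.get("Created Last 30", []):
        m = CREATED_RE.match(row)
        if m and m.group(2) != "<DIR>" and m.group(4).lower().endswith(BINARY_EXT) and in_system_dir(m.group(4)):
            findings.append(Finding("Created Last 30", "new binary created directly in a system directory", row))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.section}] {f.reason}: {f.entry}")
```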

#10 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 05 July 2009 - 12:04 PM

Hello sspain,

1. Revealing hidden files

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

2. Use Windows Explorer to find and delete this file:

C:\cleanup.exe

As an example:
To delete C:\WINDOWS\badfile.dll
Double click the My Computer icon on your Desktop, or press the Windows key + E.
Double click on Local Disk (C:\)
Double click on the Windows folder.
Right click on badfile.dll and then, from the menu that appears, click on Delete.



3. Hiding hidden files

Please set your system to hide all hidden files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
Check: Hide file extensions for known file types
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.


4. Congratulations, your log is clean!

For a nice list of freeware programmes in all categories, please have a look at this thread with freeware products that are regarded as useful by the users of this forum: Commonly Used Freeware Replacements.
Please also have a look at the following links, giving some advice and suggestions for preventing future infections.

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
I recommend you regularly visit the Windows Update Site; you were lagging behind on a few of them!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • By updating your machine, you have one less headache!
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates, here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
  • If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Another recommendation is to download HostsMan. It safeguards you with a regularly updated Hosts file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  • Double-click the downloaded installer and install the tool to a location of your choice.
  • Via the Start menu, navigate to HostsMan and run the program.
    • Click "Hosts" in the menu.
    • Click "Manage Updates" in the submenu.
    • Out of the three, select at least one of the three (I have MVPS Hosts as my main one).
    • Click "Add Update." After that you will only need to click the update button to retrieve updates.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

Glad I was able to help and if there any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!
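The Hosts-file advice above rests on one fact: the resolver consults the hosts file before DNS, so a blocklist can sink bad names, but malware can use the same file to sink update sites or redirect names to a server it controls. The following audit script is an added example (not from this post, not from HostsMan, not from any blocklist project) that parses a hosts file and reports exactly those two patterns. The sample hosts file, the `PROTECTED_SUFFIXES` list and the `example-av.test` / `example-tracker.test` names are constructed for the example; the `203.0.113.0/24` range is documentation address space.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample hosts file. Lines 3-4 are ordinary blocklist sinkholes;
# line 5 sinks a (hypothetical) security-vendor update host, and lines 6-7
# send two real names to an address the user did not choose.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example-tracker.test   # blocklist entry
0.0.0.0         malware.example.test
127.0.0.1       update.example-av.test
203.0.113.10    windowsupdate.microsoft.com
203.0.113.10    www.bleepingcomputer.com
"""

# Domains a legitimate blocklist would never touch (assumed list, constructed for
# this example; extend it with the update and vendor domains your machine relies on).
PROTECTED_SUFFIXES = ("microsoft.com", "bleepingcomputer.com", "example-av.test")


def parse_hosts(text: str) -> List[Tuple[int, str, List[str]]]:
    """Return (line_number, address, [hostnames]) for every mapping line.

    Full-line and inline '#' comments are stripped; blank lines, lines with no
    hostname and lines whose first field is not an IP address are skipped, which
    mirrors how the resolver itself ignores them."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue
        entries.append((lineno, addr, [h.lower() for h in parts[1:]]))
    return entries


def _is_protected(host: str) -> bool:
    return any(host == s or host.endswith("." + s) for s in PROTECTED_SUFFIXES)


def audit_hosts(text: str) -> List[Dict[str, object]]:
    """Flag hosts entries that are not plain blocklist sinkholes.

    'redirect': a name mapped to a routable address, so connections to that
        name go wherever the file says, not where DNS says.
    'protected_blackholed': an update or vendor name sunk to loopback or the
        unspecified address, so updates silently stop working.
    Sinkholing any other name (0.0.0.0 ad-server.test) is treated as benign."""
    findings = []
    for lineno, addr, hosts in parse_hosts(text):
        ip = ipaddress.ip_address(addr)
        is_sinkhole = ip.is_loopback or ip.is_unspecified
        for host in hosts:
            if is_sinkhole and _is_protected(host):
                findings.append({"line": lineno, "host": host, "address": addr,
                                 "reason": "protected_blackholed"})
            elif not is_sinkhole:
                findings.append({"line": lineno, "host": host, "address": addr,
                                 "reason": "redirect"})
    return findings


def main() -> None:
    # On Windows XP the live file is %SystemRoot%\system32\drivers\etc\hosts;
    # read that instead of SAMPLE_HOSTS to audit a real machine.
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['host']} -> {f['address']} ({f['reason']})")


if __name__ == "__main__":
    main()
```

Run against the sample it reports line 5 as a protected name blackholed and lines 6 and 7 as redirects, while the two blocklist entries stay quiet. The "custom Hosts file" note in the post is the reason to keep the output short: after HostsMan replaces the file, anything this script still flags is either an entry you added yourself or one you want to look at.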


#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:24 AM

Posted 09 July 2009 - 05:29 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.

Thanks for understanding :thumbup2:

With Regards,
fireman4it



#12 sspain

sspain
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:24 AM

Posted 09 July 2009 - 05:32 PM

I'm sorry, I thought I was finished. I was not asked to give a reply. There were no instructions to post anything, what do I need to do now?

#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:24 AM

Posted 09 July 2009 - 05:52 PM

Hello sspain,

You need to do nothing more. We just like to have a final response to make sure all is good on your end. This way we know whether or not to close this topic. Sorry about any confusion :thumbup2:



#14 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:08:24 AM

Posted 10 July 2009 - 06:49 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :thumbup2:

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.



