Infected with ZeroAccess / Sirefef TCP/IP Stack


14 replies to this topic

#1 TexasBob

TexasBob

  • Members
  • 23 posts

Posted 23 April 2012 - 09:44 AM

Greetings,

I have been working on a computer for several days. This computer may have been infected for months. It started with Avira reporting the Sirefef virus but being unable to remove it. As I worked deeper into the problem I found the computer to be in rough shape. Eventually I uninstalled Avira and installed Sophos and MBAM. I have run aswMBR and MBRCheck. I have run tools specific to removing this virus from many sources, including Symantec's, VBA32's, TDSSKiller and ESET's ZeroAccess removal tools. Currently I can run every tool I am aware of and now it comes out clean - EXCEPT COMBOFIX. Now, I trust ComboFix enough to post this, but I am no expert. When I run ComboFix it initially reports "Failed to get data for 'EnableLUA'" but continues until a message box pops up with "Rootkit Detected. Please be patient as this may take a while". I click the OK button, then "ComboFix has detected the presence of rootkit activity and needs to reboot the machine". I click the OK button, it reboots - and nothing. ComboFix is no longer running... So I get no logs either!

I have even reset TCP/IP using "netsh int ip reset c:\resetlog.txt", which did help to get the internet back up and running if needed. I have taken the infected computer off the network and can transfer files / logs using flash drives and my laptop. The infected computer seems to run fine now, but I do not trust it enough to return it to my sister.

Can you help?

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Nita at 8:38:38 on 2012-04-23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1738 [GMT -5:00]
.
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
C:\Windows\wanmpsvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=0309&m=aspire_x1200
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - c:\program files\imvu_inc\prxtbIMVU.dll
mURLSearchHooks: H - No File
mURLSearchHooks: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - c:\program files\imvu_inc\prxtbIMVU.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - c:\program files\imvu_inc\prxtbIMVU.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - c:\program files\imvu_inc\prxtbIMVU.dll
TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {DA81B294-ED20-46EC-946B-565D182F3BE1} - No File
TB: {69D1A568-FFDF-4EF5-8919-7003582E0EE8} - No File
TB: {392D065E-4679-4D12-8342-2A2D505FD309} - No File
TB: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - c:\program files\internet explorer\iedvtool.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
TCP: Interfaces\{76151268-DD33-4E4F-B250-038B9AD85465} : NameServer = 192.168.0.54
AppInit_DLLs: c:\progra~1\google\google~1\googledesktopnetwork3.dll, c:\progra~1\sophos\sophos~1\sophos~1.dll,c:\progra~1\sophos\sophos~2\SOPHOS~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\drivers\savonaccess.sys [2012-4-20 123680]
R1 SKMScan;SKMScan;c:\windows\system32\drivers\skmscan.sys [2012-4-20 31736]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2008-4-30 269448]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2011-11-17 212504]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2011-11-17 139800]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2011-10-23 232472]
R2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2012-2-22 2818072]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-4-29 43552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 swi_update;Sophos Web Intelligence Update;c:\programdata\sophos\web intelligence\swi_update.exe [2012-4-20 1453080]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-4-30 24576]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2012-4-20 22536]
.
=============== Created Last 30 ================
.
2012-04-23 13:24:23 208896 ----a-w- c:\windows\MBR.exe
2012-04-23 13:24:20 518144 ----a-w- c:\windows\SWREG.exe
2012-04-23 13:24:20 256000 ----a-w- c:\windows\PEV.exe
2012-04-23 13:24:18 98816 ----a-w- c:\windows\sed.exe
2012-04-23 13:24:09 -------- d-s---w- C:\T1
2012-04-23 13:08:19 -------- d-s---w- C:\FF11747F
2012-04-20 17:20:01 -------- d-----w- c:\users\nita\appdata\local\Sophos
2012-04-20 17:17:16 -------- d-----w- c:\program files\common files\Cisco Systems
2012-04-20 17:17:13 30744 ----a-w- c:\windows\system32\SophosBootTasks.exe
2012-04-20 17:17:00 -------- d-----w- c:\programdata\Sophos
2012-04-20 17:15:24 31736 ----a-w- c:\windows\system32\drivers\skmscan.sys
2012-04-20 17:15:24 22536 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2012-04-20 17:15:24 123680 ----a-w- c:\windows\system32\drivers\savonaccess.sys
2012-04-20 17:15:15 -------- d-----w- C:\savw_100_sa
2012-04-20 17:07:22 -------- d-s---w- C:\FF
2012-04-19 21:49:40 -------- d-----w- c:\users\nita\appdata\roaming\FixZeroAccess
2012-04-17 19:30:23 -------- d-----w- c:\program files\ESET
2012-04-13 08:18:58 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 08:18:58 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 08:18:58 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 08:18:58 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 08:18:15 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-13 08:18:14 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 16:54:04 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-04-12 16:53:53 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-04-12 16:41:05 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-04-12 16:40:43 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-04-12 16:40:43 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-04-12 16:40:43 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-04-12 16:40:43 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-04-12 16:40:43 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-04-12 16:25:56 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-04-12 16:25:56 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-12 14:21:11 2927104 ----a-w- c:\windows\explorer.exe
.
==================== Find3M ====================
.
2012-04-20 20:00:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-17 13:38:28 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-04-16 21:13:16 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-07 16:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
.
============= FINISH: 8:38:59.94 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/17/2009 10:19:30 PM
System Uptime: 4/23/2012 8:31:20 AM (0 hours ago)
.
Motherboard: Acer | | WMCP78M
Processor: Athlon™ Dual Core Processor 4050e | Socket AM2 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 141 GiB total, 73.568 GiB free.
D: is FIXED (NTFS) - 143 GiB total, 138.822 GiB free.
E: is CDROM ()
G: is FIXED (FAT) - 0 GiB total, 0.328 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_0BDA&PID_0158\20060413092100000
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_0BDA&PID_0158\20060413092100000
Service: USBSTOR
.
==== System Restore Points ===================
.
RP230: 4/16/2012 4:46:45 PM - Scheduled Checkpoint
RP231: 4/17/2012 9:41:31 AM - Scheduled Checkpoint
RP232: 4/18/2012 - Scheduled Checkpoint
RP233: 4/19/2012 - Scheduled Checkpoint
RP234: 4/19/2012 3:18:01 PM - Scheduled Checkpoint
RP235: 4/20/2012 10:39:06 AM - Scheduled Checkpoint
RP236: 4/20/2012 11:52:27 AM - Removed Ask Toolbar.
RP237: 4/20/2012 12:16:30 PM - Installed Sophos Anti-Virus
RP238: 4/20/2012 12:18:53 PM - Installed Sophos AutoUpdate
RP239: 4/20/2012 2:59:30 PM - Installed Java™ 6 Update 31
RP240: 4/22/2012 12:00:01 AM - Scheduled Checkpoint
RP241: 4/23/2012 12:00:02 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acer Arcade Live Main Page
Acer Assist
Acer DV Magician
Acer DVDivine
Acer eDataSecurity Management
Acer Empowering Technology
Acer eRecovery Management
Acer GameZone Console DTV 2.0.1.1
Acer HomeMedia
Acer HomeMedia Connect
Acer HomeMedia Trial Creator
Acer Registration
Acer ScreenSaver
Acer SlideShow DVD
Acer VideoMagician
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.0
Agatha Christie Death on the Nile
Agere Systems PCI-SV92EX Soft Modem
Alice Greenfingers
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar Updater
AT&T Service & Support Tool
att.net Internet Mail
att.net Toolbar
AV Input Selection
Azada
Baby Luv (remove only)
Backspin Billiards
Bee Garden - The Lost Queen
Big Fish Games: Game Manager
Big Kahuna Reef
Bonjour
Bookworm Deluxe
Bricks of Egypt
Cake Mania
CCleaner
Chicken Invaders 3
Chuzzle
Conduit Engine
Create A Mall
Cute Knight
Diaper Dash
Diner Dash Flo on the Go
Elf Bowling 7 The Last Insult
Escape the Museum 2
ESET Online Scanner v3
eSobi v2
Family Flights
Flip Words 2
GabCab
GamesBar 2.0.1.12
Hollywood Tycoon
Home Sweet Home
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IMVU Avatar Chat Software
IMVU Inc Toolbar
iTunes
Jane`s Hotel: Family Hero
Java Auto Updater
Java™ 6 Update 31
Jewel Quest Solitaire
Jojo’s Fashion Show
Kick N Rush
King Of Kings 3
Learn2 Player (Uninstall Only)
LightScribe 1.4.142.1
Love Ahoy!
LSI PCI-SV92EX Soft Modem
Mahjong Escape Ancient China
Mahjongg Artifacts
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Manager
My Life Story
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
Nanny Mania 2
NTI Media Maker 8
NVIDIA Drivers
OpenAL
Pacman
Party Down
PriceGong 2.1.0
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
Riverpoint Writer
RTC Client API v1.2
School House Shuffle
SecondLifeViewer2 (remove only)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Sophos Anti-Rootkit 1.5.4
Sophos Anti-Virus
Sophos AutoUpdate
Supple
Supple (remove only)
Trapped the Abduction
Turbo Pizza
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Viewpoint Media Player
Virtual Families
Virtual Families (remove only)
Virtual Villagers 4 The Tree of Life
Wedding Dash
World of Kaneva v4.0
Yahoo! BrowserPlus 2.9.8
Yahoo! Software Update
Zombie Bowl-O-Rama
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
4/23/2012 8:32:34 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
4/23/2012 8:32:34 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
4/23/2012 8:32:34 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
4/23/2012 8:32:34 AM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.
4/23/2012 8:32:34 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
4/23/2012 8:25:41 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
4/20/2012 12:03:23 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.69 with the system having network hardware address 48-5D-60-D6-8C-D0. Network operations on this system may be disrupted as a result.
4/19/2012 2:49:16 PM, Error: Service Control Manager [7023] - The Adobeactivefilemonitor5.0 service terminated with the following error: The specified module could not be found.
4/16/2012 4:13:12 PM, Error: EventLog [6008] - The previous system shutdown at 4:11:40 PM on 4/16/2012 was unexpected.
.
==== End Of File ===========================

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-23 09:22:47
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005b WDC_WD32 rev.01.0
Running: nce41bxs.exe; Driver: C:\Users\Nita\AppData\Local\Temp\axtdipob.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\Users\Nita\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1412] ntdll.dll!LdrLoadDll 771A9378 5 Bytes JMP 6FA0E700 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] ntdll.dll!RtlExitUserThread 771C1CFB 5 Bytes JMP 6FA0E500 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] ntdll.dll!KiUserExceptionDispatcher 771E5C28 5 Bytes JMP 6FA0A240 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] kernel32.dll!CreateProcessA 75841C28 5 Bytes JMP 6FA0E4A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] kernel32.dll!WriteProcessMemory 75841CB8 5 Bytes JMP 6FA0E6E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] kernel32.dll!VirtualProtect 75841DC3 5 Bytes JMP 6FA0E640 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] kernel32.dll!WriteFileEx 75843FDC 5 Bytes JMP 6FA0E6C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] kernel32.dll!GetThreadContext 75845B49 5 Bytes JMP 6FA0E540 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] kernel32.dll!ResumeThread 7585C370 5 Bytes JMP 6FA0E600 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] kernel32.dll!CreateProcessInternalA 75868C25 5 Bytes JMP 6FA0E4C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] kernel32.dll!LoadLibraryExW 7586927C 7 Bytes JMP 6FA0E5C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] kernel32.dll!LoadLibraryW 75869400 5 Bytes JMP 6FA0E5E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] kernel32.dll!LoadLibraryExA 75869554 5 Bytes JMP 6FA0E5A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] kernel32.dll!LoadLibraryA 7586957C 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1412] kernel32.dll!LoadLibraryA 7586957C 5 Bytes JMP 6FA0E580 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] kernel32.dll!VirtualProtectEx 7586DC52 5 Bytes JMP 6FA0E660 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] kernel32.dll!FreeLibrary 75883FA4 5 Bytes JMP 6FA0F2E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] kernel32.dll!ExitProcess 758843F4 5 Bytes JMP 6FA0E4E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] kernel32.dll!GlobalAlloc 75887F54 7 Bytes JMP 6FA0E560 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] kernel32.dll!GetProcAddress 7588925B 5 Bytes JMP 6FA0E520 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] kernel32.dll!WriteFile 7588ABE1 7 Bytes JMP 6FA0E6A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] kernel32.dll!CreateFileA 7588D07F 5 Bytes JMP 6FA0E480 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] kernel32.dll!WinExec 758D60CF 5 Bytes JMP 6FA0E680 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] kernel32.dll!SetThreadContext 758D7E27 5 Bytes JMP 6FA0E620 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] WS2_32.dll!closesocket 759C330C 5 Bytes JMP 6FA0E820 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] WS2_32.dll!recv 759C343A 5 Bytes JMP 6FA0E8A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] WS2_32.dll!connect 759C40D9 5 Bytes JMP 6FA0E840 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] WS2_32.dll!bind 759C652F 5 Bytes JMP 6FA0E800 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] WS2_32.dll!send 759C659B 5 Bytes JMP 6FA0E8C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] WS2_32.dll!listen 759C8CD7 5 Bytes JMP 6FA0E880 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] WS2_32.dll!WSASocketA 759C8FA9 5 Bytes JMP 6FA0E7A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] WS2_32.dll!WSAStartup 759CA639 7 Bytes JMP 6FA0E7C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] WS2_32.dll!getpeername 759DA863 5 Bytes JMP 6FA0E860 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[1412] WS2_32.dll!accept 759DBDF6 5 Bytes JMP 6FA0E7E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\lsass.exe[2540] ntdll.dll!LdrLoadDll 771A9378 5 Bytes JMP 6FA0E700 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\lsass.exe[2540] ntdll.dll!RtlExitUserThread 771C1CFB 5 Bytes JMP 6FA0E500 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3420] WS2_32.dll!connect 759C40D9 5 Bytes JMP 6FA0E840 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3420] WS2_32.dll!bind 759C652F 5 Bytes JMP 6FA0E800 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3420] WS2_32.dll!send 759C659B 5 Bytes JMP 6FA0E8C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3420] WS2_32.dll!listen 759C8CD7 5 Bytes JMP 6FA0E880 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3420] WS2_32.dll!WSASocketA 759C8FA9 5 Bytes JMP 6FA0E7A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3420] WS2_32.dll!WSAStartup 759CA639 7 Bytes JMP 6FA0E7C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3420] WS2_32.dll!getpeername 759DA863 5 Bytes JMP 6FA0E860 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3420] WS2_32.dll!accept 759DBDF6 5 Bytes JMP 6FA0E7E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[3544] ntdll.dll!LdrLoadDll 771A9378 5 Bytes JMP 6FA0E700 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[3544] ntdll.dll!RtlExitUserThread 771C1CFB 5 Bytes JMP 6FA0E500 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[3544] ntdll.dll!KiUserExceptionDispatcher 771E5C28 5 Bytes JMP 6FA0A240 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[3544] kernel32.dll!CreateProcessA 75841C28 5 Bytes JMP 6FA0E4A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[3544] kernel32.dll!WriteProcessMemory 75841CB8 5 Bytes JMP 6FA0E6E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[3544] kernel32.dll!VirtualProtect 75841DC3 5 Bytes JMP 6FA0E640 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[3544] kernel32.dll!WriteFileEx 75843FDC 5 Bytes JMP 6FA0E6C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[3544] kernel32.dll!GetThreadContext 75845B49 5 Bytes JMP 6FA0E540 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[3544] kernel32.dll!ResumeThread 7585C370 5 Bytes JMP 6FA0E600 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[3544] kernel32.dll!CreateProcessInternalA 75868C25 5 Bytes JMP 6FA0E4C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[3544] kernel32.dll!LoadLibraryExW 7586927C 7 Bytes JMP 6FA0E5C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[3544] kernel32.dll!LoadLibraryW 75869400 5 Bytes JMP 6FA0E5E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[3544] kernel32.dll!LoadLibraryExA 75869554 5 Bytes JMP 6FA0E5A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[3544] kernel32.dll!LoadLibraryA 7586957C 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[3544] kernel32.dll!LoadLibraryA 7586957C 5 Bytes JMP 6FA0E580 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[3544] kernel32.dll!VirtualProtectEx 7586DC52 5 Bytes JMP 6FA0E660 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[3544] kernel32.dll!FreeLibrary 75883FA4 5 Bytes JMP 6FA0F2E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[3544] kernel32.dll!ExitProcess 758843F4 5 Bytes JMP 6FA0E4E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[3544] kernel32.dll!GlobalAlloc 75887F54 7 Bytes JMP 6FA0E560 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[3544] kernel32.dll!GetProcAddress 7588925B 5 Bytes JMP 6FA0E520 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[3544] kernel32.dll!WriteFile 7588ABE1 7 Bytes JMP 6FA0E6A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[3544] kernel32.dll!CreateFileA 7588D07F 5 Bytes JMP 6FA0E480 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[3544] kernel32.dll!WinExec 758D60CF 5 Bytes JMP 6FA0E680 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[3544] kernel32.dll!SetThreadContext 758D7E27 5 Bytes JMP 6FA0E620 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] ntdll.dll!LdrLoadDll 771A9378 5 Bytes JMP 6FA0E700 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] ntdll.dll!RtlExitUserThread 771C1CFB 5 Bytes JMP 6FA0E500 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] ntdll.dll!KiUserExceptionDispatcher 771E5C28 5 Bytes JMP 6FA0A240 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] kernel32.dll!CreateProcessA 75841C28 5 Bytes JMP 6FA0E4A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] kernel32.dll!WriteProcessMemory 75841CB8 5 Bytes JMP 6FA0E6E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] kernel32.dll!VirtualProtect 75841DC3 5 Bytes JMP 6FA0E640 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] kernel32.dll!WriteFileEx 75843FDC 5 Bytes JMP 6FA0E6C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] kernel32.dll!GetThreadContext 75845B49 5 Bytes JMP 6FA0E540 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] kernel32.dll!ResumeThread 7585C370 5 Bytes JMP 6FA0E600 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] kernel32.dll!CreateProcessInternalA 75868C25 5 Bytes JMP 6FA0E4C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] kernel32.dll!LoadLibraryExW 7586927C 7 Bytes JMP 6FA0E5C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] kernel32.dll!LoadLibraryW 75869400 5 Bytes JMP 6FA0E5E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] kernel32.dll!LoadLibraryExA 75869554 5 Bytes JMP 6FA0E5A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] kernel32.dll!LoadLibraryA 7586957C 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[3668] kernel32.dll!LoadLibraryA 7586957C 5 Bytes JMP 6FA0E580 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] kernel32.dll!VirtualProtectEx 7586DC52 5 Bytes JMP 6FA0E660 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] kernel32.dll!FreeLibrary 75883FA4 5 Bytes JMP 6FA0F2E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] kernel32.dll!ExitProcess 758843F4 5 Bytes JMP 6FA0E4E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] kernel32.dll!GlobalAlloc 75887F54 7 Bytes JMP 6FA0E560 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] kernel32.dll!GetProcAddress 7588925B 5 Bytes JMP 6FA0E520 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] kernel32.dll!WriteFile 7588ABE1 7 Bytes JMP 6FA0E6A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] kernel32.dll!CreateFileA 7588D07F 5 Bytes JMP 6FA0E480 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] kernel32.dll!WinExec 758D60CF 5 Bytes JMP 6FA0E680 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] kernel32.dll!SetThreadContext 758D7E27 5 Bytes JMP 6FA0E620 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] WS2_32.dll!closesocket 759C330C 5 Bytes JMP 6FA0E820 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] WS2_32.dll!recv 759C343A 5 Bytes JMP 6FA0E8A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] WS2_32.dll!connect 759C40D9 5 Bytes JMP 6FA0E840 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] WS2_32.dll!bind 759C652F 5 Bytes JMP 6FA0E800 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] WS2_32.dll!send 759C659B 5 Bytes JMP 6FA0E8C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] WS2_32.dll!listen 759C8CD7 5 Bytes JMP 6FA0E880 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] WS2_32.dll!WSASocketA 759C8FA9 5 Bytes JMP 6FA0E7A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] WS2_32.dll!WSAStartup 759CA639 7 Bytes JMP 6FA0E7C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] WS2_32.dll!getpeername 759DA863 5 Bytes JMP 6FA0E860 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3668] WS2_32.dll!accept 759DBDF6 5 Bytes JMP 6FA0E7E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] ntdll.dll!LdrLoadDll 771A9378 5 Bytes JMP 6FA0E700 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] ntdll.dll!RtlExitUserThread 771C1CFB 5 Bytes JMP 6FA0E500 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] ntdll.dll!KiUserExceptionDispatcher 771E5C28 5 Bytes JMP 6FA0A240 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] kernel32.dll!CreateProcessA 75841C28 5 Bytes JMP 6FA0E4A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] kernel32.dll!WriteProcessMemory 75841CB8 5 Bytes JMP 6FA0E6E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] kernel32.dll!VirtualProtect 75841DC3 5 Bytes JMP 6FA0E640 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] kernel32.dll!WriteFileEx 75843FDC 5 Bytes JMP 6FA0E6C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] kernel32.dll!GetThreadContext 75845B49 5 Bytes JMP 6FA0E540 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] kernel32.dll!ResumeThread 7585C370 5 Bytes JMP 6FA0E600 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] kernel32.dll!CreateProcessInternalA 75868C25 5 Bytes JMP 6FA0E4C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] kernel32.dll!LoadLibraryExW 7586927C 7 Bytes JMP 6FA0E5C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] kernel32.dll!LoadLibraryW 75869400 5 Bytes JMP 6FA0E5E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] kernel32.dll!LoadLibraryExA 75869554 5 Bytes JMP 6FA0E5A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] kernel32.dll!LoadLibraryA 7586957C 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[3828] kernel32.dll!LoadLibraryA 7586957C 5 Bytes JMP 6FA0E580 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] kernel32.dll!VirtualProtectEx 7586DC52 5 Bytes JMP 6FA0E660 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] kernel32.dll!FreeLibrary 75883FA4 5 Bytes JMP 6FA0F2E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] kernel32.dll!ExitProcess 758843F4 5 Bytes JMP 6FA0E4E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] kernel32.dll!GlobalAlloc 75887F54 7 Bytes JMP 6FA0E560 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] kernel32.dll!GetProcAddress 7588925B 5 Bytes JMP 6FA0E520 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] kernel32.dll!WriteFile 7588ABE1 7 Bytes JMP 6FA0E6A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] kernel32.dll!CreateFileA 7588D07F 5 Bytes JMP 6FA0E480 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] kernel32.dll!WinExec 758D60CF 5 Bytes JMP 6FA0E680 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] kernel32.dll!SetThreadContext 758D7E27 5 Bytes JMP 6FA0E620 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] WS2_32.dll!closesocket 759C330C 5 Bytes JMP 6FA0E820 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] WS2_32.dll!recv 759C343A 5 Bytes JMP 6FA0E8A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] WS2_32.dll!connect 759C40D9 5 Bytes JMP 6FA0E840 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] WS2_32.dll!bind 759C652F 5 Bytes JMP 6FA0E800 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] WS2_32.dll!send 759C659B 5 Bytes JMP 6FA0E8C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] WS2_32.dll!listen 759C8CD7 5 Bytes JMP 6FA0E880 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] WS2_32.dll!WSASocketA 759C8FA9 5 Bytes JMP 6FA0E7A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] WS2_32.dll!WSAStartup 759CA639 7 Bytes JMP 6FA0E7C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] WS2_32.dll!getpeername 759DA863 5 Bytes JMP 6FA0E860 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] WS2_32.dll!accept 759DBDF6 5 Bytes JMP 6FA0E7E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] WININET.dll!InternetReadFile 7706F978 5 Bytes JMP 6FA0E780 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] WININET.dll!InternetQueryDataAvailable 77073224 5 Bytes JMP 6FA0E760 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] WININET.dll!InternetOpenA 7707D688 5 Bytes JMP 6FA0E720 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[3828] WININET.dll!InternetOpenUrlA 7708E296 5 Bytes JMP 6FA0E740 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\rundll32.exe[4020] ntdll.dll!LdrLoadDll 771A9378 5 Bytes JMP 6FA0E700 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\rundll32.exe[4020] ntdll.dll!RtlExitUserThread 771C1CFB 5 Bytes JMP 6FA0E500 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\rundll32.exe[4020] ntdll.dll!KiUserExceptionDispatcher 771E5C28 5 Bytes JMP 6FA0A240 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\rundll32.exe[4020] kernel32.dll!WriteProcessMemory 75841CB8 5 Bytes JMP 6FA0E6E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\rundll32.exe[4020] kernel32.dll!VirtualProtect 75841DC3 5 Bytes JMP 6FA0E640 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\rundll32.exe[4020] kernel32.dll!WriteFileEx 75843FDC 5 Bytes JMP 6FA0E6C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\rundll32.exe[4020] kernel32.dll!GetThreadContext 75845B49 5 Bytes JMP 6FA0E540 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\rundll32.exe[4020] kernel32.dll!ResumeThread 7585C370 5 Bytes JMP 6FA0E600 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\rundll32.exe[4020] kernel32.dll!CreateProcessInternalA 75868C25 5 Bytes JMP 6FA0E4C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\rundll32.exe[4020] kernel32.dll!LoadLibraryExW 7586927C 7 Bytes JMP 6FA0E5C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\rundll32.exe[4020] kernel32.dll!LoadLibraryW 75869400 5 Bytes JMP 6FA0E5E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\rundll32.exe[4020] kernel32.dll!LoadLibraryExA 75869554 5 Bytes JMP 6FA0E5A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\rundll32.exe[4020] kernel32.dll!LoadLibraryA 7586957C 1 Byte [E9]
.text C:\Windows\system32\rundll32.exe[4020] kernel32.dll!LoadLibraryA 7586957C 5 Bytes JMP 6FA0E580 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\rundll32.exe[4020] kernel32.dll!VirtualProtectEx 7586DC52 5 Bytes JMP 6FA0E660 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\rundll32.exe[4020] kernel32.dll!FreeLibrary 75883FA4 5 Bytes JMP 6FA0F2E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\rundll32.exe[4020] kernel32.dll!ExitProcess 758843F4 5 Bytes JMP 6FA0E4E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\rundll32.exe[4020] kernel32.dll!GlobalAlloc 75887F54 7 Bytes JMP 6FA0E560 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\rundll32.exe[4020] kernel32.dll!WriteFile 7588ABE1 7 Bytes JMP 6FA0E6A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\rundll32.exe[4020] kernel32.dll!CreateFileA 7588D07F 5 Bytes JMP 6FA0E480 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\rundll32.exe[4020] kernel32.dll!SetThreadContext 758D7E27 5 Bytes JMP 6FA0E620 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\rundll32.exe[4020] WS2_32.dll!closesocket 759C330C 5 Bytes JMP 6FA0E820 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\rundll32.exe[4020] WS2_32.dll!recv 759C343A 5 Bytes JMP 6FA0E8A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\rundll32.exe[4020] WS2_32.dll!connect 759C40D9 5 Bytes JMP 6FA0E840 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\rundll32.exe[4020] WS2_32.dll!bind 759C652F 5 Bytes JMP 6FA0E800 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\rundll32.exe[4020] WS2_32.dll!send 759C659B 5 Bytes JMP 6FA0E8C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\rundll32.exe[4020] WS2_32.dll!listen 759C8CD7 5 Bytes JMP 6FA0E880 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\rundll32.exe[4020] WS2_32.dll!WSASocketA 759C8FA9 5 Bytes JMP 6FA0E7A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\rundll32.exe[4020] WS2_32.dll!WSAStartup 759CA639 7 Bytes JMP 6FA0E7C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\rundll32.exe[4020] WS2_32.dll!getpeername 759DA863 5 Bytes JMP 6FA0E860 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\rundll32.exe[4020] WS2_32.dll!accept 759DBDF6 5 Bytes JMP 6FA0E7E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] ntdll.dll!LdrLoadDll 771A9378 5 Bytes JMP 6FA0E700 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] ntdll.dll!RtlExitUserThread 771C1CFB 5 Bytes JMP 6FA0E500 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] ntdll.dll!KiUserExceptionDispatcher 771E5C28 5 Bytes JMP 6FA0A240 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] kernel32.dll!CreateProcessA 75841C28 5 Bytes JMP 6FA0E4A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] kernel32.dll!WriteProcessMemory 75841CB8 5 Bytes JMP 6FA0E6E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] kernel32.dll!VirtualProtect 75841DC3 5 Bytes JMP 6FA0E640 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] kernel32.dll!WriteFileEx 75843FDC 5 Bytes JMP 6FA0E6C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] kernel32.dll!GetThreadContext 75845B49 5 Bytes JMP 6FA0E540 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] kernel32.dll!ResumeThread 7585C370 5 Bytes JMP 6FA0E600 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] kernel32.dll!CreateProcessInternalA 75868C25 5 Bytes JMP 6FA0E4C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] kernel32.dll!LoadLibraryExW 7586927C 7 Bytes JMP 6FA0E5C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] kernel32.dll!LoadLibraryW 75869400 5 Bytes JMP 6FA0E5E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] kernel32.dll!LoadLibraryExA 75869554 5 Bytes JMP 6FA0E5A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] kernel32.dll!LoadLibraryA 7586957C 1 Byte [E9]
.text C:\Windows\Explorer.EXE[4704] kernel32.dll!LoadLibraryA 7586957C 5 Bytes JMP 6FA0E580 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] kernel32.dll!VirtualProtectEx 7586DC52 5 Bytes JMP 6FA0E660 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] kernel32.dll!FreeLibrary 75883FA4 5 Bytes JMP 6FA0F2E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] kernel32.dll!ExitProcess 758843F4 5 Bytes JMP 6FA0E4E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] kernel32.dll!GlobalAlloc 75887F54 7 Bytes JMP 6FA0E560 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] kernel32.dll!GetProcAddress 7588925B 5 Bytes JMP 6FA0E520 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] kernel32.dll!WriteFile 7588ABE1 7 Bytes JMP 6FA0E6A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] kernel32.dll!CreateFileA 7588D07F 5 Bytes JMP 6FA0E480 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] kernel32.dll!WinExec 758D60CF 5 Bytes JMP 6FA0E680 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] kernel32.dll!SetThreadContext 758D7E27 5 Bytes JMP 6FA0E620 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] WININET.dll!InternetReadFile 7706F978 5 Bytes JMP 6FA0E780 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] WININET.dll!InternetQueryDataAvailable 77073224 5 Bytes JMP 6FA0E760 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] WININET.dll!InternetOpenA 7707D688 5 Bytes JMP 6FA0E720 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] WININET.dll!InternetOpenUrlA 7708E296 5 Bytes JMP 6FA0E740 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] WS2_32.dll!closesocket 759C330C 5 Bytes JMP 6FA0E820 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] WS2_32.dll!recv 759C343A 5 Bytes JMP 6FA0E8A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] WS2_32.dll!connect 759C40D9 5 Bytes JMP 6FA0E840 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] WS2_32.dll!bind 759C652F 5 Bytes JMP 6FA0E800 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] WS2_32.dll!send 759C659B 5 Bytes JMP 6FA0E8C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] WS2_32.dll!listen 759C8CD7 5 Bytes JMP 6FA0E880 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] WS2_32.dll!WSASocketA 759C8FA9 5 Bytes JMP 6FA0E7A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] WS2_32.dll!WSAStartup 759CA639 7 Bytes JMP 6FA0E7C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] WS2_32.dll!getpeername 759DA863 5 Bytes JMP 6FA0E860 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] WS2_32.dll!accept 759DBDF6 5 Bytes JMP 6FA0E7E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] ntdll.dll!LdrLoadDll 771A9378 5 Bytes JMP 6FA0E700 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] ntdll.dll!RtlExitUserThread 771C1CFB 5 Bytes JMP 6FA0E500 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] ntdll.dll!KiUserExceptionDispatcher 771E5C28 5 Bytes JMP 6FA0A240 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] kernel32.dll!CreateProcessA 75841C28 5 Bytes JMP 6FA0E4A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] kernel32.dll!WriteProcessMemory 75841CB8 5 Bytes JMP 6FA0E6E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] kernel32.dll!VirtualProtect 75841DC3 5 Bytes JMP 6FA0E640 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] kernel32.dll!WriteFileEx 75843FDC 5 Bytes JMP 6FA0E6C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] kernel32.dll!GetThreadContext 75845B49 5 Bytes JMP 6FA0E540 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] kernel32.dll!ResumeThread 7585C370 5 Bytes JMP 6FA0E600 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] kernel32.dll!CreateProcessInternalA 75868C25 5 Bytes JMP 6FA0E4C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] kernel32.dll!LoadLibraryExW 7586927C 7 Bytes JMP 6FA0E5C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] kernel32.dll!LoadLibraryW 75869400 5 Bytes JMP 6FA0E5E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] kernel32.dll!LoadLibraryExA 75869554 5 Bytes JMP 6FA0E5A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] kernel32.dll!LoadLibraryA 7586957C 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[5108] kernel32.dll!LoadLibraryA 7586957C 5 Bytes JMP 6FA0E580 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] kernel32.dll!VirtualProtectEx 7586DC52 5 Bytes JMP 6FA0E660 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] kernel32.dll!FreeLibrary 75883FA4 5 Bytes JMP 6FA0F2E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] kernel32.dll!ExitProcess 758843F4 5 Bytes JMP 6FA0E4E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] kernel32.dll!GlobalAlloc 75887F54 7 Bytes JMP 6FA0E560 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] kernel32.dll!GetProcAddress 7588925B 5 Bytes JMP 6FA0E520 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] kernel32.dll!WriteFile 7588ABE1 7 Bytes JMP 6FA0E6A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] kernel32.dll!CreateFileA 7588D07F 5 Bytes JMP 6FA0E480 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] kernel32.dll!WinExec 758D60CF 5 Bytes JMP 6FA0E680 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] kernel32.dll!SetThreadContext 758D7E27 5 Bytes JMP 6FA0E620 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] WS2_32.dll!closesocket 759C330C 5 Bytes JMP 6FA0E820 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] WS2_32.dll!recv 759C343A 5 Bytes JMP 6FA0E8A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] WS2_32.dll!connect 759C40D9 5 Bytes JMP 6FA0E840 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] WS2_32.dll!bind 759C652F 5 Bytes JMP 6FA0E800 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] WS2_32.dll!send 759C659B 5 Bytes JMP 6FA0E8C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] WS2_32.dll!listen 759C8CD7 5 Bytes JMP 6FA0E880 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] WS2_32.dll!WSASocketA 759C8FA9 5 Bytes JMP 6FA0E7A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] WS2_32.dll!WSAStartup 759CA639 7 Bytes JMP 6FA0E7C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] WS2_32.dll!getpeername 759DA863 5 Bytes JMP 6FA0E860 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] WS2_32.dll!accept 759DBDF6 5 Bytes JMP 6FA0E7E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] ntdll.dll!LdrLoadDll 771A9378 5 Bytes JMP 6FA0E700 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] ntdll.dll!RtlExitUserThread 771C1CFB 5 Bytes JMP 6FA0E500 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] ntdll.dll!KiUserExceptionDispatcher 771E5C28 5 Bytes JMP 6FA0A240 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] kernel32.dll!CreateProcessA 75841C28 5 Bytes JMP 6FA0E4A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] kernel32.dll!WriteProcessMemory 75841CB8 5 Bytes JMP 6FA0E6E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] kernel32.dll!VirtualProtect 75841DC3 5 Bytes JMP 6FA0E640 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] kernel32.dll!WriteFileEx 75843FDC 5 Bytes JMP 6FA0E6C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] kernel32.dll!GetThreadContext 75845B49 5 Bytes JMP 6FA0E540 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] kernel32.dll!ResumeThread 7585C370 5 Bytes JMP 6FA0E600 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] kernel32.dll!CreateProcessInternalA 75868C25 5 Bytes JMP 6FA0E4C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] kernel32.dll!LoadLibraryExW 7586927C 7 Bytes JMP 6FA0E5C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] kernel32.dll!LoadLibraryW 75869400 5 Bytes JMP 6FA0E5E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] kernel32.dll!LoadLibraryExA 75869554 5 Bytes JMP 6FA0E5A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] kernel32.dll!LoadLibraryA 7586957C 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[5232] kernel32.dll!LoadLibraryA 7586957C 5 Bytes JMP 6FA0E580 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] kernel32.dll!VirtualProtectEx 7586DC52 5 Bytes JMP 6FA0E660 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] kernel32.dll!FreeLibrary 75883FA4 5 Bytes JMP 6FA0F2E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] kernel32.dll!ExitProcess 758843F4 5 Bytes JMP 6FA0E4E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] kernel32.dll!GlobalAlloc 75887F54 7 Bytes JMP 6FA0E560 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] kernel32.dll!GetProcAddress 7588925B 5 Bytes JMP 6FA0E520 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] kernel32.dll!WriteFile 7588ABE1 7 Bytes JMP 6FA0E6A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] kernel32.dll!CreateFileA 7588D07F 5 Bytes JMP 6FA0E480 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] kernel32.dll!WinExec 758D60CF 5 Bytes JMP 6FA0E680 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] kernel32.dll!SetThreadContext 758D7E27 5 Bytes JMP 6FA0E620 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] WS2_32.dll!closesocket 759C330C 5 Bytes JMP 6FA0E820 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] WS2_32.dll!recv 759C343A 5 Bytes JMP 6FA0E8A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] WS2_32.dll!connect 759C40D9 5 Bytes JMP 6FA0E840 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] WS2_32.dll!bind 759C652F 5 Bytes JMP 6FA0E800 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] WS2_32.dll!send 759C659B 5 Bytes JMP 6FA0E8C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] WS2_32.dll!listen 759C8CD7 5 Bytes JMP 6FA0E880 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] WS2_32.dll!WSASocketA 759C8FA9 5 Bytes JMP 6FA0E7A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] WS2_32.dll!WSAStartup 759CA639 7 Bytes JMP 6FA0E7C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] WS2_32.dll!getpeername 759DA863 5 Bytes JMP 6FA0E860 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5232] WS2_32.dll!accept 759DBDF6 5 Bytes JMP 6FA0E7E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[6136] ntdll.dll!LdrLoadDll 771A9378 5 Bytes JMP 6FA0E700 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[6136] ntdll.dll!RtlExitUserThread 771C1CFB 5 Bytes JMP 6FA0E500 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[6136] ntdll.dll!KiUserExceptionDispatcher 771E5C28 5 Bytes JMP 6FA0A240 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[6136] kernel32.dll!CreateProcessA 75841C28 5 Bytes JMP 6FA0E4A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[6136] kernel32.dll!WriteProcessMemory 75841CB8 5 Bytes JMP 6FA0E6E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[6136] kernel32.dll!VirtualProtect 75841DC3 5 Bytes JMP 6FA0E640 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[6136] kernel32.dll!WriteFileEx 75843FDC 5 Bytes JMP 6FA0E6C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[6136] kernel32.dll!GetThreadContext 75845B49 5 Bytes JMP 6FA0E540 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[6136] kernel32.dll!ResumeThread 7585C370 5 Bytes JMP 6FA0E600 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[6136] kernel32.dll!CreateProcessInternalA 75868C25 5 Bytes JMP 6FA0E4C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[6136] kernel32.dll!LoadLibraryExW 7586927C 7 Bytes JMP 6FA0E5C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[6136] kernel32.dll!LoadLibraryW 75869400 5 Bytes JMP 6FA0E5E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[6136] kernel32.dll!LoadLibraryExA 75869554 5 Bytes JMP 6FA0E5A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[6136] kernel32.dll!LoadLibraryA 7586957C 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[6136] kernel32.dll!LoadLibraryA 7586957C 5 Bytes JMP 6FA0E580 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[6136] kernel32.dll!VirtualProtectEx 7586DC52 5 Bytes JMP 6FA0E660 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[6136] kernel32.dll!FreeLibrary 75883FA4 5 Bytes JMP 6FA0F2E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[6136] kernel32.dll!ExitProcess 758843F4 5 Bytes JMP 6FA0E4E0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[6136] kernel32.dll!GlobalAlloc 75887F54 7 Bytes JMP 6FA0E560 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[6136] kernel32.dll!GetProcAddress 7588925B 5 Bytes JMP 6FA0E520 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[6136] kernel32.dll!WriteFile 7588ABE1 7 Bytes JMP 6FA0E6A0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[6136] kernel32.dll!CreateFileA 7588D07F 5 Bytes JMP 6FA0E480 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[6136] kernel32.dll!WinExec 758D60CF 5 Bytes JMP 6FA0E680 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\System32\svchost.exe[6136] kernel32.dll!SetThreadContext 758D7E27 5 Bytes JMP 6FA0E620 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Acer GameZone\Jojo's Fashion Show\Uninstall.exe 1

---- EOF - GMER 1.0.15 ----
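As an added example (not part of the original post and not GMER's or Sophos's code), the following Python script parses user-mode hook lines in the GMER 1.0.15 format shown above, groups them by the module that owns each JMP target, pairs the `1 Byte [E9]` stub entries with their resolved JMP lines, and flags hooks whose owner has no vendor description or lives under a Temp/AppData path. The sample input is constructed: four lines mirror the Sophos Buffer Overrun Protection entries from the log, while the `unknown_example.dll` hook and the unpaired `recv` stub are hypothetical, included only to show what the check reports.

```python
import re
from collections import Counter

# Constructed sample in the GMER 1.0.15 user-mode hook line format. Lines 1-4 mirror
# the Sophos Buffer Overrun Protection entries from the posted log; line 5 (a hook
# owned by an unsigned DLL under %TEMP%) and line 6 (a stub with no resolved JMP)
# are hypothetical and exist only to show what the triage flags.
SAMPLE_GMER = r"""
.text C:\Windows\system32\svchost.exe[5108] kernel32.dll!LoadLibraryA 7586957C 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[5108] kernel32.dll!LoadLibraryA 7586957C 5 Bytes JMP 6FA0E580 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\system32\svchost.exe[5108] WS2_32.dll!send 759C659B 5 Bytes JMP 6FA0E8C0 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] WS2_32.dll!connect 759C40D9 5 Bytes JMP 6FA0E840 C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[4704] kernel32.dll!CreateFileW 7588D0A0 5 Bytes JMP 00A31000 C:\Users\Nita\AppData\Local\Temp\unknown_example.dll ()
.text C:\Windows\Explorer.EXE[4704] WS2_32.dll!recv 759C343A 1 Byte [E9]
"""

# One GMER ".text" hook line: either a resolved JMP with its owning module and the
# "(description/vendor)" GMER prints for it, or a bare "[E9]" stub where GMER saw the
# first byte of a JMP (0xE9) but did not resolve the target on that line.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<function>\S+)\s+"
    r"(?P<addr>[0-9A-F]+)\s+(?P<size>\d+)\s+Bytes?\s+"
    r"(?:JMP\s+(?P<target>[0-9A-F]+)\s+(?P<owner>.+?)\s+\((?P<vendor>[^)]*)\)"
    r"|\[(?P<raw>[0-9A-F ]+)\])\s*$"
)


def parse_hooks(text):
    """Return one dict per parsable hook line; unrelated lines are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            h = m.groupdict()
            h["pid"] = int(h["pid"])
            h["size"] = int(h["size"])
            hooks.append(h)
    return hooks


def triage(hooks):
    """Group resolved hooks by owning module and flag what a reviewer should inspect.

    A hook is "suspicious" when GMER printed no description/vendor for the owning
    module or the module lives under a Temp or AppData path. A "[E9]" stub is an
    "orphan" when no resolved JMP line exists for the same process/module/function.
    """
    resolved = {(h["pid"], h["module"], h["function"]) for h in hooks if h["target"]}
    owners = Counter()
    suspicious, orphan_stubs = [], []
    for h in hooks:
        key = (h["pid"], h["module"], h["function"])
        if h["target"] is None:
            if key not in resolved:
                orphan_stubs.append(key)
            continue
        owners[h["owner"]] += 1
        owner_lc = h["owner"].lower()
        if not h["vendor"].strip() or "\\temp\\" in owner_lc or "\\appdata\\" in owner_lc:
            suspicious.append(h)
    return {"owners": owners, "suspicious": suspicious, "orphan_stubs": orphan_stubs}


def report(text):
    """Human-readable summary of triage(parse_hooks(text))."""
    r = triage(parse_hooks(text))
    lines = ["Hook owners:"]
    for owner, n in r["owners"].most_common():
        lines.append(f"  {n:4d}  {owner}")
    for h in r["suspicious"]:
        lines.append(f"SUSPICIOUS {h['process']}[{h['pid']}] {h['module']}!{h['function']} "
                     f"-> {h['owner']} ({h['vendor'] or 'no vendor info'})")
    for pid, module, function in r["orphan_stubs"]:
        lines.append(f"ORPHAN STUB pid {pid} {module}!{function} (no resolved JMP line)")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_GMER))
```

Run against the full log above, every resolved hook lands in the Sophos DLL with a Sophos description, which is the expected footprint of Sophos Buffer Overrun Protection; the hypothetical lines show how an owner without that footprint would stand out.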



#2 nasdaq

  • Malware Response Team
  • 40,749 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 April 2012 - 08:06 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.

#3 TexasBob

  • Topic Starter
  • Members
  • 23 posts

Posted 30 April 2012 - 11:44 AM

Hello nasdaq,

Thanks for the help. I did what you asked and had no problems doing so. Logs are posted below:

OTL logfile created on: 4/30/2012 11:29:11 AM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Nita\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 53.60% Memory free
7.19 Gb Paging File | 6.27 Gb Available in Paging File | 87.21% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.16 Gb Total Space | 78.65 Gb Free Space | 55.72% Space Free | Partition Type: NTFS
Drive D: | 142.93 Gb Total Space | 138.82 Gb Free Space | 97.13% Space Free | Partition Type: NTFS
Drive G: | 486.05 Mb Total Space | 334.46 Mb Free Space | 68.81% Space Free | Partition Type: FAT

Computer Name: HARRIS | User Name: Nita | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Nita\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\wanmpsvc.exe (America Online, Inc.)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (swi_service) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
SRV - (swi_update) -- C:\ProgramData\Sophos\Web Intelligence\swi_update.exe (Sophos Limited)
SRV - (SAVAdminService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
SRV - (SAVService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\Windows\wanmpsvc.exe (America Online, Inc.)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (MEMSWEEP2) -- C:\Windows\system32\F18E.tmp File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Nita\AppData\Local\Temp\catchme.sys File not found
DRV - (SAVOnAccess) -- C:\Windows\System32\drivers\savonaccess.sys (Sophos Limited)
DRV - (SophosBootDriver) -- C:\Windows\System32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (SKMScan) -- C:\Windows\System32\drivers\skmscan.sys (Sophos Plc)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (ASCTRM) -- C:\Windows\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
IE - HKLM\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ppcb2&s={searchTerms}&f=4&hl={language}&src=chrm
IE - HKLM\..\SearchScopes\{605B521D-8B6E-46E8-98C0-62EB5ECDBBE6}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2612669
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q={searchTerms}&crm=1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=0309&m=aspire_x1200
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {3044C6F0-675C-469B-B67A-D59B6604EFCE}
IE - HKCU\..\SearchScopes\{3044C6F0-675C-469B-B67A-D59B6604EFCE}: "URL" = http://findgala.com/?&uid=5613&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Nita\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF [2010/05/31 03:07:22 | 000,000,000 | ---D | M]

[2010/10/24 20:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nita\AppData\Roaming\mozilla\Extensions
[2010/10/24 20:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nita\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/11/23 10:18:28 | 000,002,037 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchppcb2.xml

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (att.net Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab (Reg Error: Key error.)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab (WebBrowserType Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76151268-DD33-4E4F-B250-038B9AD85465}: NameServer = 192.168.0.54
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: hwdatacard - File not found
NetSvcs: macformatservice - File not found
NetSvcs: s117obex - File not found
NetSvcs: vcdsecs - File not found
NetSvcs: msmframework - File not found
NetSvcs: sweepsrv.sys - File not found
NetSvcs: CDRPDACC - File not found
NetSvcs: oracleservicelocalora - File not found
NetSvcs: rimvserport - File not found
NetSvcs: RDID1027 - File not found
NetSvcs: lmouflt2 - File not found
NetSvcs: HIDSwvd - File not found
NetSvcs: pserve - File not found
NetSvcs: nvmpu401 - File not found
NetSvcs: websensecpmcommunicationagent - File not found
NetSvcs: fsaa - File not found
NetSvcs: tosrfusb - File not found
NetSvcs: websenselogserver - File not found
NetSvcs: lxcd_device - File not found
NetSvcs: s116obex - File not found
NetSvcs: pinnaclesys.mediaserver - File not found
NetSvcs: XFX_program - File not found
NetSvcs: cebdaldr - File not found
NetSvcs: dpc_srv_webcast - File not found
NetSvcs: imonnt - File not found
NetSvcs: ZuneWlanCfgSvc - File not found
NetSvcs: smcirda - File not found
NetSvcs: cpqfws2e - File not found
NetSvcs: kraidsvc - File not found
NetSvcs: VAIOMediaPlatform-PhotoServer-UPnP - File not found
NetSvcs: WISTechVIDCAP - File not found
NetSvcs: freebsd - File not found
NetSvcs: compaq_rba - File not found
NetSvcs: trackcam4 - File not found
NetSvcs: SMNDIS5 - File not found
NetSvcs: ccalib8 - File not found
NetSvcs: RioS30 - File not found
NetSvcs: nla - File not found
NetSvcs: crystaloutputfileserver - File not found
NetSvcs: toside - File not found
NetSvcs: service1 - File not found
NetSvcs: SE2Dbus - File not found
NetSvcs: ATWPKT2 - C:\Windows\System32\drivers\atwpkt2.sys (America Online)
NetSvcs: service - File not found
NetSvcs: PhilCam8116 - File not found
NetSvcs: asapiw2k - File not found
NetSvcs: YMIDUSB - File not found
NetSvcs: odysseyIM3 - File not found
NetSvcs: srservice - File not found
NetSvcs: dktknsrv - File not found
NetSvcs: ikfilesec - File not found
NetSvcs: DCamUSBDXGTech - File not found
NetSvcs: nipsvc - File not found
NetSvcs: wmccds - File not found
NetSvcs: mcafeeantispyware - File not found
NetSvcs: navex15 - File not found
NetSvcs: iclarityqosservice - File not found
NetSvcs: RimSerPort - File not found
NetSvcs: pxhelp20 - File not found
NetSvcs: vzfw - File not found
NetSvcs: nsm1mdm - File not found
NetSvcs: mpfservice - File not found
NetSvcs: webcompserver - File not found
NetSvcs: zebrceb - File not found
NetSvcs: k750obex - File not found
NetSvcs: tpsrv - File not found
NetSvcs: NWSAP - File not found
NetSvcs: fshttps - File not found
NetSvcs: mctskshd.exe - File not found
NetSvcs: MSFWHLPR - File not found
NetSvcs: FGDSCSI - File not found
NetSvcs: npkcrypt - File not found
NetSvcs: SenFiltService - File not found
NetSvcs: k750mdfl - File not found
NetSvcs: W8335XP - File not found
NetSvcs: acmservice - File not found
NetSvcs: pnmsrv - File not found
NetSvcs: maxbackserviceint - File not found
NetSvcs: cpuidlep - File not found
NetSvcs: b57w2k - File not found
NetSvcs: SABProcEnum - File not found
NetSvcs: dmload - File not found
NetSvcs: s116unic - File not found
NetSvcs: clr_optimization_v2.0.50215_32 - File not found
NetSvcs: NWSNS - File not found
NetSvcs: EntDrv51 - File not found
NetSvcs: UNDPX2A - File not found
NetSvcs: CX88ENC - File not found
NetSvcs: mod7700 - File not found
NetSvcs: mfeapfk - File not found
NetSvcs: tones - File not found
NetSvcs: us30service - File not found
NetSvcs: fsdfwd - File not found
NetSvcs: nic1394 - File not found
NetSvcs: tifm21 - File not found
NetSvcs: mcp - File not found
NetSvcs: websenseusagemonitor - File not found
NetSvcs: mcontrol - File not found
NetSvcs: beatjamupnpmusicserver - File not found
NetSvcs: ctxcpusched - File not found
NetSvcs: L8042mou - File not found
NetSvcs: Via4in1 - File not found
NetSvcs: KR3NPXP - File not found
NetSvcs: aswlsvc - File not found
NetSvcs: sscdmdm - File not found
NetSvcs: PciBus - File not found
NetSvcs: usbsermpt - File not found
NetSvcs: rootmodem - File not found
NetSvcs: nipxirmu - File not found
NetSvcs: SrvcEPECioctl - File not found
NetSvcs: MRV6X32P - File not found
NetSvcs: cwcwdm - File not found
NetSvcs: bglivesvc - File not found
NetSvcs: carboniteservice - File not found
NetSvcs: obvious - File not found
NetSvcs: vpn5000service - File not found
NetSvcs: nalntservice - File not found
NetSvcs: sdbus - C:\Windows\System32\wbem\sdbus.mof ()
NetSvcs: Alpham1 - File not found
NetSvcs: pdlnatcm - File not found
NetSvcs: NVR0Dev - File not found
NetSvcs: lockmgr - File not found
NetSvcs: sscdmdfl - File not found
NetSvcs: flutilssvc - File not found
NetSvcs: SimpTcp - File not found
NetSvcs: aniwzcsdservice - File not found
NetSvcs: atksgt - File not found
NetSvcs: InterBaseServer - File not found
NetSvcs: USB_RNDIS_XP - File not found
NetSvcs: webdriveservice - File not found
NetSvcs: vsbus - File not found
NetSvcs: emAudio - File not found
NetSvcs: asuskbnt - File not found
NetSvcs: plscsi - File not found
NetSvcs: askernel - File not found
NetSvcs: Slntamr - File not found
NetSvcs: vsmon - File not found
NetSvcs: parallel - File not found
NetSvcs: DNE - File not found
NetSvcs: rasirda - File not found
NetSvcs: ntmssvc - File not found
NetSvcs: ndisip - File not found
NetSvcs: wdelmgr20 - File not found
NetSvcs: hpdskflt - File not found
NetSvcs: raysatxsi5_0server - File not found
NetSvcs: lvselsus - File not found
NetSvcs: USRpdA - File not found
NetSvcs: NdisFilt - File not found
NetSvcs: dnserver32 - File not found
NetSvcs: CBTNDIS5 - File not found
NetSvcs: websensecamreportserver - File not found
NetSvcs: GV600_4 - File not found
NetSvcs: mi-raysat_3dsmax9_32 - File not found
NetSvcs: atkdisplf - File not found
NetSvcs: VirtualCam - File not found
NetSvcs: thinkpadmodemservice - File not found
NetSvcs: dns4meclient - File not found
NetSvcs: SE2Emdm - File not found
NetSvcs: szserver - File not found
NetSvcs: ScsiPort - C:\Windows\System32\drivers\scsiport.sys (Microsoft Corporation)
NetSvcs: W700mdm - File not found
NetSvcs: anydvd - File not found
NetSvcs: sprtsvc_ddoctorv2 - File not found
NetSvcs: SprintRcAppSvc - File not found
NetSvcs: tdrpman - File not found
NetSvcs: caboagp - File not found
NetSvcs: LVBulk - File not found
NetSvcs: eSettingsService - File not found
NetSvcs: DcFpoint - File not found
NetSvcs: ntlmssp - File not found
NetSvcs: Evian - File not found
NetSvcs: tvichw32 - File not found
NetSvcs: GBFSHook - File not found
NetSvcs: msi_wlan_service - File not found
NetSvcs: avg7core - File not found
NetSvcs: avgtdi - File not found
NetSvcs: webupdate - File not found
NetSvcs: tnbrlds - File not found
NetSvcs: stacsv - File not found
NetSvcs: avfilter - File not found
NetSvcs: rrrspy - File not found
NetSvcs: vvdsvc - File not found
NetSvcs: iolodmv - File not found
NetSvcs: ELmou - File not found
NetSvcs: U81xmdm - File not found
NetSvcs: SRS_SSCFilter - File not found
NetSvcs: vzupsvc - File not found
NetSvcs: PCTINDIS5 - File not found
NetSvcs: USB_RNDIS - File not found
NetSvcs: adminserver - File not found
NetSvcs: actser - File not found
NetSvcs: nsm1bus - File not found
NetSvcs: mctaskmanager - File not found
NetSvcs: dcsloader - File not found
NetSvcs: UxTuneUp - File not found
NetSvcs: SISNICXP - File not found
NetSvcs: scsiaccess - File not found
NetSvcs: PAR1284 - File not found
NetSvcs: dsncservice - File not found
NetSvcs: pfmodnt - File not found
NetSvcs: EpmPsd - File not found
NetSvcs: AppnBase - File not found
NetSvcs: klblmain - File not found
NetSvcs: dtsrvc - File not found
NetSvcs: LHidUsbK - File not found
NetSvcs: se26unic - File not found
NetSvcs: cics.region2 - File not found
NetSvcs: ownershipprotocol - File not found
NetSvcs: aclient - File not found
NetSvcs: AX88772 - File not found
NetSvcs: ncupdatesvc - File not found
NetSvcs: acsvc - File not found
NetSvcs: TuneUp.Defrag - File not found
NetSvcs: eeyeevnt - File not found
NetSvcs: ntuneservice - File not found
NetSvcs: dlaudfam - File not found
NetSvcs: hmonitor - File not found
NetSvcs: rimusb - File not found
NetSvcs: iastor - File not found
NetSvcs: rt2500usb - File not found
NetSvcs: pnkbstrb - File not found
NetSvcs: TMKEmu - File not found
NetSvcs: ati2mtag - File not found
NetSvcs: sglogplayer - File not found
NetSvcs: plsremotesvc - File not found
NetSvcs: TPwSav - File not found
NetSvcs: akshhl - File not found
NetSvcs: NSNDIS5 - File not found
NetSvcs: MRESP50a64 - File not found
NetSvcs: tappsrv - File not found
NetSvcs: symmpi - File not found
NetSvcs: symlcbrd - File not found
NetSvcs: NsTrcNT - File not found
NetSvcs: avpnnic - File not found
NetSvcs: tfsnopio - File not found
NetSvcs: vaiomediaplatform-videoserver-appserver - File not found
NetSvcs: AsIO - File not found
NetSvcs: AVCSTRM - File not found
NetSvcs: EagleNT - File not found
NetSvcs: w810mdm - File not found
NetSvcs: vmnetuserif - File not found
NetSvcs: gemserv - File not found
NetSvcs: artourservice - File not found
NetSvcs: RadProbe - File not found
NetSvcs: s716mdfl - File not found
NetSvcs: TPECioCtl - File not found
NetSvcs: trayman - File not found
NetSvcs: cxlpt - File not found
NetSvcs: NWUSBPort - File not found
NetSvcs: asc3550 - File not found
NetSvcs: keriomailserver - File not found
NetSvcs: NMSCFG - File not found
NetSvcs: NMSAccessU - File not found
NetSvcs: SbieDrv - File not found
NetSvcs: cpntsrv - File not found
NetSvcs: com4qlb - File not found
NetSvcs: sscdbhk5 - File not found
NetSvcs: dac960nt - File not found
NetSvcs: audstub - File not found
NetSvcs: nfmservice - File not found
NetSvcs: cpqarry2 - File not found
NetSvcs: DniVad - File not found
NetSvcs: se2Dunic - File not found
NetSvcs: vhidmini - File not found
NetSvcs: dphost - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/30 11:25:15 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Nita\Desktop\OTL.exe
[2012/04/23 09:30:34 | 000,000,000 | --SD | C] -- C:\T117572T
[2012/04/23 08:38:15 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Nita\Desktop\dds.scr
[2012/04/23 08:24:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/23 08:24:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/23 08:24:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/23 08:24:09 | 000,000,000 | --SD | C] -- C:\T1
[2012/04/23 08:24:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/23 08:19:05 | 004,472,002 | R--- | C] (Swearware) -- C:\Users\Nita\Desktop\T1.exe
[2012/04/23 08:08:19 | 000,000,000 | --SD | C] -- C:\FF11747F
[2012/04/20 15:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/20 15:00:52 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/04/20 15:00:52 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/04/20 15:00:52 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/04/20 15:00:31 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/04/20 12:20:01 | 000,000,000 | ---D | C] -- C:\Users\Nita\AppData\Local\Sophos
[2012/04/20 12:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2012/04/20 12:17:13 | 000,030,744 | ---- | C] (Sophos Limited) -- C:\Windows\System32\SophosBootTasks.exe
[2012/04/20 12:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/04/20 12:15:24 | 000,123,680 | ---- | C] (Sophos Limited) -- C:\Windows\System32\drivers\savonaccess.sys
[2012/04/20 12:15:24 | 000,031,736 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\skmscan.sys
[2012/04/20 12:15:24 | 000,022,536 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\SophosBootDriver.sys
[2012/04/20 12:15:15 | 000,000,000 | ---D | C] -- C:\savw_100_sa
[2012/04/20 12:07:22 | 000,000,000 | --SD | C] -- C:\FF
[2012/04/19 16:49:40 | 000,000,000 | ---D | C] -- C:\Users\Nita\AppData\Roaming\FixZeroAccess
[2012/04/19 16:48:40 | 000,000,000 | ---D | C] -- C:\Users\Nita\Desktop\rootkit zero access
[2012/04/17 14:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/04/13 03:19:12 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/04/13 03:19:10 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/04/13 03:19:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/04/13 03:19:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/04/13 03:19:08 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/04/13 03:19:07 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/04/13 03:18:15 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/04/13 03:18:14 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/04/12 11:54:04 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/04/12 11:40:43 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/04/12 11:40:43 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/04/12 11:40:43 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/04/12 11:40:43 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/04/12 11:40:43 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/04/12 11:25:56 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/04/12 09:21:11 | 002,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Files - Modified Within 30 Days ==========

[2012/04/30 11:26:24 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/30 11:26:24 | 000,004,396 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/30 11:23:38 | 000,879,714 | ---- | M] () -- C:\Users\Nita\Desktop\SecurityCheck.exe
[2012/04/30 11:21:58 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Nita\Desktop\OTL.exe
[2012/04/30 09:37:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/30 09:37:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/23 09:37:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/23 09:37:07 | 2951,143,424 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/23 08:36:48 | 000,302,592 | ---- | M] () -- C:\Users\Nita\Desktop\nce41bxs.exe
[2012/04/23 08:35:34 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Nita\Desktop\dds.scr
[2012/04/23 08:20:48 | 004,472,002 | R--- | M] (Swearware) -- C:\Users\Nita\Desktop\T1.exe
[2012/04/20 15:00:41 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/04/20 15:00:41 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/04/20 15:00:41 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/04/20 15:00:40 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/04/16 16:13:16 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/04/13 03:40:23 | 000,295,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/04/30 11:25:44 | 000,879,714 | ---- | C] () -- C:\Users\Nita\Desktop\SecurityCheck.exe
[2012/04/23 08:38:15 | 000,302,592 | ---- | C] () -- C:\Users\Nita\Desktop\nce41bxs.exe
[2012/04/23 08:24:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/23 08:24:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/23 08:24:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/23 08:24:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/23 08:24:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/17 22:17:20 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/12/26 14:30:50 | 000,103,733 | ---- | C] () -- C:\Windows\System32\itusbcore.dat
[2011/12/26 14:30:50 | 000,000,196 | ---- | C] () -- C:\Windows\System32\itlsvc.dat
[2011/12/09 19:48:01 | 000,000,680 | ---- | C] () -- C:\Users\Nita\AppData\Local\d3d9caps.dat
[2011/11/26 20:21:11 | 000,030,575 | ---- | C] () -- C:\Users\Nita\AppData\Roaming\UserTile.png
[2011/04/05 16:52:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/04/05 16:51:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/03/11 12:51:55 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010/09/24 22:45:20 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

========== LOP Check ==========

[2009/03/18 00:38:08 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\Acer
[2008/04/30 13:14:33 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\Acer GameZone Console
[2010/10/30 15:06:41 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\AlderGames
[2010/05/25 22:06:09 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\Big Fish Games
[2010/10/30 14:46:35 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\Big Splash Games
[2010/09/26 15:30:17 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\EleFun Games
[2010/09/29 19:04:58 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\EscapeTheMuseum2
[2012/04/19 16:49:40 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\FixZeroAccess
[2010/04/02 13:44:14 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\FloodLightGames
[2010/06/29 00:22:23 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\Gaijin Ent
[2009/04/05 13:51:22 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\Gamelab
[2010/11/23 07:44:47 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\Home Sweet Home
[2011/07/31 00:18:30 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\IMVU
[2011/06/24 20:54:41 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\IMVUClient
[2011/09/05 09:56:42 | 000,000,000 | -H-D | M] -- C:\Users\Nita\AppData\Roaming\InstallJammer Registry
[2010/06/24 20:29:44 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\iWin
[2010/11/24 00:04:14 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\Jane s Hotel Family Hero
[2009/03/18 00:38:02 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\Leadertech
[2010/10/30 15:13:38 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\Namco
[2010/09/26 15:21:37 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\PlayFirst
[2011/12/04 21:19:36 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\Riverpoint Writer
[2011/07/12 13:24:36 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\SecondLife
[2009/07/07 17:38:18 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\Template
[2010/10/24 21:01:06 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\Vivox
[2010/06/01 16:23:08 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\WeatherBug
[2012/04/23 09:36:06 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/04/29 21:30:16 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/04/23 09:37:07 | 2951,143,424 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/13 22:38:10 | 000,000,920 | ---- | M] () -- C:\INSTALL.LOG
[2007/06/28 03:44:50 | 000,000,512 | ---- | M] () -- C:\MDR.iss
[2012/04/23 09:37:06 | 536,870,912 | -HS- | M] () -- C:\pagefile.sys
[2008/04/30 12:54:26 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
[2010/11/22 22:08:13 | 000,002,828 | ---- | M] () -- C:\scramble.log
[2012/04/17 08:37:37 | 000,180,568 | ---- | M] () -- C:\TDSSKiller.2.7.28.0_16.04.2012_16.20.16_log.txt
[2012/04/17 08:42:14 | 000,118,530 | ---- | M] () -- C:\TDSSKiller.2.7.28.0_17.04.2012_08.40.10_log.txt
[2012/04/17 10:54:33 | 000,114,156 | ---- | M] () -- C:\TDSSKiller.2.7.28.0_17.04.2012_10.54.08_log.txt
[2012/04/18 08:10:38 | 000,245,050 | ---- | M] () -- C:\TDSSKiller.2.7.28.0_18.04.2012_08.08.40_log.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2012/04/17 08:38:28 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\cdrom.sys
[2012/02/29 08:32:37 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\fs_rec.sys
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:4E6B8D68
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:9C5E2795
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:FAC5BCF5
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:6BD1DCDD
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:C25C9263
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:F50F1555
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:A73E7104
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:D26B6B0A
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A518B662
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:2F34C507
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:EC381680
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:D26DD363
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E1982A23
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:57EE48CA
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:793ABD2B
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:C3B04546
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B1BBA89D
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:68C4BECC
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:3857ABB7
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:3780BCC3
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:A81A05E3
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:51A22C60
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:EC2246A6
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:8E6845BC
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:42C1964D
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:493524DB
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FF9C44FE
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:3E7393FC
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8173A019

< End of report >

OTL Extras logfile created on: 4/30/2012 11:29:11 AM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Nita\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 53.60% Memory free
7.19 Gb Paging File | 6.27 Gb Available in Paging File | 87.21% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.16 Gb Total Space | 78.65 Gb Free Space | 55.72% Space Free | Partition Type: NTFS
Drive D: | 142.93 Gb Total Space | 138.82 Gb Free Space | 97.13% Space Free | Partition Type: NTFS
Drive G: | 486.05 Mb Total Space | 334.46 Mb Free Space | 68.81% Space Free | Partition Type: FAT

Computer Name: HARRIS | User Name: Nita | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05CEAE7A-2D21-4074-A202-7F9BCB28246C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1257569983\ee\aolsoftware.exe |
"{06B0F6CC-0858-4973-A71E-45CAFFACC112}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{10C0EEFA-1216-401D-B580-095802BB4A43}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{126B920F-ED20-4D9D-AEAF-FA03A6D8D1E1}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{243FFA08-5426-4F5B-94BF-3945D214DD96}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{29CB3F9E-879E-4C7E-A08F-06273980083E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{349FFB24-97B8-4732-B718-1AA2038DE992}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1257569983\ee\aolsoftware.exe |
"{3E2C60A6-7ED4-4714-BD71-AA7D66AEDC1A}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{4ED16562-0615-48B1-AC8E-05BC3A23E135}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{60192BEF-F7F1-4618-914B-ECCD2F3490CE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6F9F1458-B118-47B7-8A1F-B8D9B401A0A5}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{743EA48C-C01F-4597-9052-06834043091D}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{7470946B-F714-4134-92E5-ED5ACC1AC034}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{7AA1CCB0-B188-456C-AFC4-306E9D50986E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{83B2BF68-6194-4EC5-9CDC-95A731A458AD}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{95CA98DF-615B-42AC-A4A6-1E55EFC6FE3E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{97414256-6445-4A9B-BC74-408604FAB17C}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{99B0D3AA-EFFF-4880-B604-4597C5052A05}" = protocol=6 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe |
"{9DFD27A9-1BD2-4AD0-B9F5-9D3CA01F7DA5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A2E36676-EDED-4A8D-9F3E-8098AFB6529F}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{A3CECD36-B434-487C-86F3-9B9511551B7B}" = protocol=17 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe |
"{B2643485-EB55-4764-B0F0-01BC06C393BA}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{B4A3B392-B908-464C-BFC2-0C417FAA70D9}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{D3692F7A-3336-4A52-9AC8-D45490E3EB8A}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{DE8DD11D-A909-44A2-97ED-69190DD20FB1}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{E1E01B63-F1FB-4B36-BA30-CDB10E548CEC}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{E762F3DF-68C8-44C0-82D5-6E538E8CBA49}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"TCP Query User{F437E2C3-8DDD-4700-925B-A25C349BE1B9}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
"UDP Query User{BED4330E-F9AA-49A6-9DF3-447CD5111771}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{16C86E91-4EB5-4B40-BA24-BFCC8C5E0F2F}" = King Of Kings 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112031427}" = Cute Knight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112943570}" = Supple
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113849380}" = Elf Bowling 7 The Last Insult
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114323150}" = Jojo’s Fashion Show
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115312823}" = Family Flights
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11545430}" = School House Shuffle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116673137}" = Nanny Mania 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116703127}" = Party Down
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116881683}" = Diaper Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116983990}" = Virtual Families
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117258607}" = Create A Mall
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117306523}" = Hollywood Tycoon
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117800857}" = Zombie Bowl-O-Rama
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117821317}" = Trapped the Abduction
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117969177}" = Escape the Museum 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118392197}" = Pacman
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11850773}" = My Life Story
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11882790}" = Virtual Villagers 4 The Tree of Life
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119351190}" = GabCab
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119363483}" = Bee Garden - The Lost Queen
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119374887}" = Love Ahoy!
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F429ED71-4A8B-457A-85E4-F6398CE73E58}" = AV Input Selection
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"3296" = World of Kaneva v4.0
"Acer Assist" = Acer Assist
"Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
"ATT-SST" = AT&T Service & Support Tool
"Baby Luv" = Baby Luv (remove only)
"BFGC" = Big Fish Games: Game Manager
"BFG-Home Sweet Home" = Home Sweet Home
"BFG-Jane`s Hotel - Family Hero" = Jane`s Hotel: Family Hero
"BFG-Virtual Families" = Virtual Families
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine
"ESET Online Scanner" = ESET Online Scanner v3
"GamesBar" = GamesBar 2.0.1.12
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IMVU_Inc Toolbar" = IMVU Inc Toolbar
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MusicManager" = Music Manager
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PriceGong" = PriceGong 2.1.0
"RealPlayer 6.0" = RealPlayer Basic
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Supple" = Supple (remove only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual Families" = Virtual Families (remove only)
"Yahoo! Companion" = att.net Toolbar
"Yahoo! Mail" = att.net Internet Mail
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"FF389026-F961-42C5-BACD-B4A3AA73E0F3" = Riverpoint Writer
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/19/2012 5:49:25 PM | Computer Name = HARRIS | Source = LoadPerf | ID = 3001
Description =

Error - 4/19/2012 5:52:33 PM | Computer Name = HARRIS | Source = WinMgmt | ID = 10
Description =

Error - 4/19/2012 5:58:20 PM | Computer Name = HARRIS | Source = LoadPerf | ID = 3001
Description =

Error - 4/20/2012 11:39:10 AM | Computer Name = HARRIS | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 4/20/2012 11:57:05 AM | Computer Name = HARRIS | Source = WinMgmt | ID = 10
Description =

Error - 4/20/2012 12:01:35 PM | Computer Name = HARRIS | Source = LoadPerf | ID = 3001
Description =

Error - 4/20/2012 12:29:03 PM | Computer Name = HARRIS | Source = WinMgmt | ID = 10
Description =

Error - 4/20/2012 12:33:40 PM | Computer Name = HARRIS | Source = LoadPerf | ID = 3001
Description =

Error - 4/20/2012 12:47:48 PM | Computer Name = HARRIS | Source = WinMgmt | ID = 10
Description =

Error - 4/20/2012 12:52:42 PM | Computer Name = HARRIS | Source = LoadPerf | ID = 3001
Description =

[ System Events ]
Error - 4/23/2012 10:28:51 AM | Computer Name = HARRIS | Source = Service Control Manager | ID = 7003
Description =

Error - 4/23/2012 10:28:51 AM | Computer Name = HARRIS | Source = Service Control Manager | ID = 7003
Description =

Error - 4/23/2012 10:28:51 AM | Computer Name = HARRIS | Source = Service Control Manager | ID = 7003
Description =

Error - 4/23/2012 10:28:51 AM | Computer Name = HARRIS | Source = Service Control Manager | ID = 7026
Description =

Error - 4/23/2012 10:32:04 AM | Computer Name = HARRIS | Source = Service Control Manager | ID = 7030
Description =

Error - 4/23/2012 10:38:43 AM | Computer Name = HARRIS | Source = Service Control Manager | ID = 7023
Description =

Error - 4/23/2012 10:38:43 AM | Computer Name = HARRIS | Source = Service Control Manager | ID = 7003
Description =

Error - 4/23/2012 10:38:43 AM | Computer Name = HARRIS | Source = Service Control Manager | ID = 7003
Description =

Error - 4/23/2012 10:38:43 AM | Computer Name = HARRIS | Source = Service Control Manager | ID = 7003
Description =

Error - 4/23/2012 10:38:43 AM | Computer Name = HARRIS | Source = Service Control Manager | ID = 7026
Description =


< End of report >

Results of screen317's Security Check version 0.99.32
Windows Vista Service Pack 2 x86
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

ESET Online Scanner v3
Sophos Anti-Virus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Sophos Anti-Rootkit 1.5.4
CCleaner
Java™ 6 Update 31
Adobe Reader 8 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Sophos Sophos Anti-Virus SavService.exe
Sophos Sophos Anti-Virus SAVAdminService.exe
Sophos Sophos Anti-Virus Web Intelligence swi_service.exe
``````````End of Log````````````

#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,749 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:53 PM

Posted 30 April 2012 - 12:42 PM

Hosts file not found


Run OTL - Double-click OTL.exe to start it.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - (MEMSWEEP2) -- C:\Windows\system32\F18E.tmp File not found
    IE - HKLM\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - No CLSID value found
    IE - HKLM\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ppcb2&s={searchTerms}&f=4&hl={language}&src=chrm
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll File not found
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF [2010/05/31 03:07:22 | 000,000,000 | ---D | M]
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:131C0EE9
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E1982A23
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:793F316E
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:57EE48CA
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:793ABD2B
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:C3B04546
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B1BBA89D
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:68C4BECC
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:3857ABB7
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:3780BCC3
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:A81A05E3
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:51A22C60
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4BB26BE9
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:EC2246A6
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:9F683177
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E36F5B57
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:8AB6C1D7
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:B623B5B8
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:8E6845BC
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:861A898F
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:42C1964D
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:493524DB
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:FC420CE6
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FF9C44FE
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:C95B63DA
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:FEBEC560
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:9E22BBE8
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:3E7393FC
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4F636E25
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4CF61E54
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:580E04D8
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:2B99FE60
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8173A019
    @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:4E6B8D68
    @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:193426B4
    @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:9C5E2795
    @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:FAC5BCF5
    @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:6BD1DCDD
    @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:C25C9263
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:F50F1555
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:A73E7104
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:D26B6B0A
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A518B662
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:2F34C507
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:EC381680
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:D26DD363
    
    :Files
    ipconfig /flushdns /c
    
    :commands
    [RESETHOSTS]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right, "Include in your download"; this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

Please post the OTL log for my review.
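
A defender-side check related to the alternate data streams (ADS) that the fix above deletes, added here as an example; it is not part of nasdaq's instructions and not OTL's own code. It enumerates every named stream under a directory with PowerShell's `Get-Item -Stream` (PowerShell 3.0 or later), skips the ordinary `:$DATA` content stream and the browser's `Zone.Identifier` mark, and flags small streams, since the ones in the log above were all in the 98 to 152 byte range. The `$Root` default and the `Get-AdsReport` function name are assumptions for illustration; the root path is taken from the log.

```powershell
# Added example, not from the thread: list alternate data streams under a path.
# Assumes PowerShell 3.0+ (Get-Item -Stream) and an elevated prompt so that
# -Force can read protected locations such as C:\ProgramData.
param(
    [string]$Root     = 'C:\ProgramData\TEMP',  # folder named in the OTL log above
    [int]   $MaxBytes = 1024                    # streams at or below this size are flagged
)

function Get-AdsReport {
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$FlagBytes = 1024
    )

    # The root item itself plus everything beneath it; directories can carry
    # streams as well as files (the log shows streams on the TEMP folder itself).
    $items = @(Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        # -Stream * returns one object per stream with Stream, Length and FileName.
        $streams = Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue
        foreach ($s in $streams) {
            # ':$DATA' is the normal file content; Zone.Identifier is the benign
            # "downloaded from the Internet" marker written by browsers.
            if ($s.Stream -eq ':$DATA' -or $s.Stream -eq 'Zone.Identifier') { continue }

            [pscustomobject]@{
                Path    = $item.FullName
                Stream  = $s.Stream
                Bytes   = $s.Length
                Flagged = ($s.Length -le $FlagBytes)
            }
        }
    }
}

# Report, smallest streams first; unexplained short named streams on a system
# folder are the pattern seen in the OTL log and are worth a closer look.
Get-AdsReport -Path $Root -FlagBytes $MaxBytes |
    Sort-Object Bytes |
    Format-Table Path, Stream, Bytes, Flagged -AutoSize

# To remove a confirmed unwanted stream without touching the file or folder
# that carries it (what OTL's "ADS ... deleted successfully" lines did):
#   Remove-Item -LiteralPath 'C:\ProgramData\TEMP' -Stream '<stream name>'
```

Run it after a fix like the one above to confirm the streams are really gone, and before a fix to get a baseline; a stream's content can be inspected with `Get-Content -LiteralPath <path> -Stream <name>` before deciding whether to remove it.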

#5 TexasBob

TexasBob
  • Topic Starter

  • Members
  • 23 posts
  • Local time:04:53 PM

Posted 30 April 2012 - 01:27 PM

No problems following your instructions. I also included the OTL fix log in addition to the Quick Scan log. Uninstalled Adobe Reader and installed the newest version, 10.1.3 (without toolbar), successfully.

========== OTL ==========
Service MEMSWEEP2 stopped successfully!
Service MEMSWEEP2 deleted successfully!
File C:\Windows\system32\F18E.tmp File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ce0c2586-da36-452b-acdb-320d9bcb19bf} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce0c2586-da36-452b-acdb-320d9bcb19bf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@funwebproducts.com/Plugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ deleted successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll moved successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin not found.
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
ADS C:\ProgramData\TEMP:131C0EE9 deleted successfully.
ADS C:\ProgramData\TEMP:E1982A23 deleted successfully.
ADS C:\ProgramData\TEMP:793F316E deleted successfully.
ADS C:\ProgramData\TEMP:57EE48CA deleted successfully.
ADS C:\ProgramData\TEMP:793ABD2B deleted successfully.
ADS C:\ProgramData\TEMP:C3B04546 deleted successfully.
ADS C:\ProgramData\TEMP:B1BBA89D deleted successfully.
ADS C:\ProgramData\TEMP:68C4BECC deleted successfully.
ADS C:\ProgramData\TEMP:3857ABB7 deleted successfully.
ADS C:\ProgramData\TEMP:3780BCC3 deleted successfully.
ADS C:\ProgramData\TEMP:A81A05E3 deleted successfully.
ADS C:\ProgramData\TEMP:51A22C60 deleted successfully.
ADS C:\ProgramData\TEMP:4BB26BE9 deleted successfully.
ADS C:\ProgramData\TEMP:EC2246A6 deleted successfully.
ADS C:\ProgramData\TEMP:9F683177 deleted successfully.
ADS C:\ProgramData\TEMP:E36F5B57 deleted successfully.
ADS C:\ProgramData\TEMP:8AB6C1D7 deleted successfully.
ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully.
ADS C:\ProgramData\TEMP:8E6845BC deleted successfully.
ADS C:\ProgramData\TEMP:861A898F deleted successfully.
ADS C:\ProgramData\TEMP:42C1964D deleted successfully.
ADS C:\ProgramData\TEMP:493524DB deleted successfully.
ADS C:\ProgramData\TEMP:FC420CE6 deleted successfully.
ADS C:\ProgramData\TEMP:FF9C44FE deleted successfully.
ADS C:\ProgramData\TEMP:C95B63DA deleted successfully.
ADS C:\ProgramData\TEMP:FEBEC560 deleted successfully.
ADS C:\ProgramData\TEMP:9E22BBE8 deleted successfully.
ADS C:\ProgramData\TEMP:3E7393FC deleted successfully.
ADS C:\ProgramData\TEMP:4F636E25 deleted successfully.
ADS C:\ProgramData\TEMP:4CF61E54 deleted successfully.
ADS C:\ProgramData\TEMP:580E04D8 deleted successfully.
ADS C:\ProgramData\TEMP:2B99FE60 deleted successfully.
ADS C:\ProgramData\TEMP:8173A019 deleted successfully.
ADS C:\ProgramData\TEMP:4E6B8D68 deleted successfully.
ADS C:\ProgramData\TEMP:193426B4 deleted successfully.
ADS C:\ProgramData\TEMP:9C5E2795 deleted successfully.
ADS C:\ProgramData\TEMP:FAC5BCF5 deleted successfully.
ADS C:\ProgramData\TEMP:6BD1DCDD deleted successfully.
ADS C:\ProgramData\TEMP:C25C9263 deleted successfully.
ADS C:\ProgramData\TEMP:F50F1555 deleted successfully.
ADS C:\ProgramData\TEMP:A73E7104 deleted successfully.
ADS C:\ProgramData\TEMP:D26B6B0A deleted successfully.
ADS C:\ProgramData\TEMP:A518B662 deleted successfully.
ADS C:\ProgramData\TEMP:2F34C507 deleted successfully.
ADS C:\ProgramData\TEMP:EC381680 deleted successfully.
ADS C:\ProgramData\TEMP:D26DD363 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Nita\Desktop\cmd.bat deleted successfully.
C:\Users\Nita\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.42.2 log created on 04302012_130311

OTL logfile created on: 4/30/2012 1:07:10 PM - Run 2
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Nita\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 71.07% Memory free
7.16 Gb Paging File | 6.46 Gb Available in Paging File | 90.18% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.16 Gb Total Space | 77.84 Gb Free Space | 55.14% Space Free | Partition Type: NTFS
Drive D: | 142.93 Gb Total Space | 138.82 Gb Free Space | 97.13% Space Free | Partition Type: NTFS
Drive G: | 486.05 Mb Total Space | 334.30 Mb Free Space | 68.78% Space Free | Partition Type: FAT

Computer Name: HARRIS | User Name: Nita | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Nita\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\wanmpsvc.exe (America Online, Inc.)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (swi_service) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
SRV - (swi_update) -- C:\ProgramData\Sophos\Web Intelligence\swi_update.exe (Sophos Limited)
SRV - (SAVAdminService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
SRV - (SAVService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\Windows\wanmpsvc.exe (America Online, Inc.)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Nita\AppData\Local\Temp\catchme.sys File not found
DRV - (SAVOnAccess) -- C:\Windows\System32\drivers\savonaccess.sys (Sophos Limited)
DRV - (SophosBootDriver) -- C:\Windows\System32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (SKMScan) -- C:\Windows\System32\drivers\skmscan.sys (Sophos Plc)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (ASCTRM) -- C:\Windows\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
IE - HKLM\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{605B521D-8B6E-46E8-98C0-62EB5ECDBBE6}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2612669
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q={searchTerms}&crm=1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=0309&m=aspire_x1200
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {3044C6F0-675C-469B-B67A-D59B6604EFCE}
IE - HKCU\..\SearchScopes\{3044C6F0-675C-469B-B67A-D59B6604EFCE}: "URL" = http://findgala.com/?&uid=5613&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Nita\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF [2010/05/31 03:07:22 | 000,000,000 | ---D | M]

[2010/10/24 20:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nita\AppData\Roaming\mozilla\Extensions
[2010/10/24 20:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nita\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/11/23 10:18:28 | 000,002,037 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchppcb2.xml

O1 HOSTS File: ([2012/04/30 13:03:14 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (att.net Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab (Reg Error: Key error.)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab (WebBrowserType Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76151268-DD33-4E4F-B250-038B9AD85465}: NameServer = 192.168.0.54
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/30 13:03:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/30 11:25:15 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Nita\Desktop\OTL.exe
[2012/04/23 09:30:34 | 000,000,000 | --SD | C] -- C:\T117572T
[2012/04/23 08:38:15 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Nita\Desktop\dds.scr
[2012/04/23 08:24:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/23 08:24:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/23 08:24:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/23 08:24:09 | 000,000,000 | --SD | C] -- C:\T1
[2012/04/23 08:24:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/23 08:19:05 | 004,472,002 | R--- | C] (Swearware) -- C:\Users\Nita\Desktop\T1.exe
[2012/04/23 08:08:19 | 000,000,000 | --SD | C] -- C:\FF11747F
[2012/04/20 15:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/20 15:00:31 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/04/20 12:20:01 | 000,000,000 | ---D | C] -- C:\Users\Nita\AppData\Local\Sophos
[2012/04/20 12:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2012/04/20 12:17:13 | 000,030,744 | ---- | C] (Sophos Limited) -- C:\Windows\System32\SophosBootTasks.exe
[2012/04/20 12:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/04/20 12:15:24 | 000,123,680 | ---- | C] (Sophos Limited) -- C:\Windows\System32\drivers\savonaccess.sys
[2012/04/20 12:15:24 | 000,031,736 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\skmscan.sys
[2012/04/20 12:15:24 | 000,022,536 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\SophosBootDriver.sys
[2012/04/20 12:15:15 | 000,000,000 | ---D | C] -- C:\savw_100_sa
[2012/04/20 12:07:22 | 000,000,000 | --SD | C] -- C:\FF
[2012/04/19 16:49:40 | 000,000,000 | ---D | C] -- C:\Users\Nita\AppData\Roaming\FixZeroAccess
[2012/04/19 16:48:40 | 000,000,000 | ---D | C] -- C:\Users\Nita\Desktop\rootkit zero access
[2012/04/17 14:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

========== Files - Modified Within 30 Days ==========

[2012/04/30 13:05:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/30 13:05:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/30 13:05:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/30 13:05:22 | 2951,245,824 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/30 13:03:14 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/04/30 11:26:24 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/30 11:26:24 | 000,004,396 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/30 11:23:38 | 000,879,714 | ---- | M] () -- C:\Users\Nita\Desktop\SecurityCheck.exe
[2012/04/30 11:21:58 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Nita\Desktop\OTL.exe
[2012/04/23 08:36:48 | 000,302,592 | ---- | M] () -- C:\Users\Nita\Desktop\nce41bxs.exe
[2012/04/23 08:35:34 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Nita\Desktop\dds.scr
[2012/04/23 08:20:48 | 004,472,002 | R--- | M] (Swearware) -- C:\Users\Nita\Desktop\T1.exe
[2012/04/16 16:13:16 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/04/13 03:40:23 | 000,295,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/04/30 11:25:44 | 000,879,714 | ---- | C] () -- C:\Users\Nita\Desktop\SecurityCheck.exe
[2012/04/23 08:38:15 | 000,302,592 | ---- | C] () -- C:\Users\Nita\Desktop\nce41bxs.exe
[2012/04/23 08:24:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/23 08:24:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/23 08:24:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/23 08:24:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/23 08:24:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/17 22:17:20 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/12/26 14:30:50 | 000,103,733 | ---- | C] () -- C:\Windows\System32\itusbcore.dat
[2011/12/26 14:30:50 | 000,000,196 | ---- | C] () -- C:\Windows\System32\itlsvc.dat
[2011/12/09 19:48:01 | 000,000,680 | ---- | C] () -- C:\Users\Nita\AppData\Local\d3d9caps.dat
[2011/11/26 20:21:11 | 000,030,575 | ---- | C] () -- C:\Users\Nita\AppData\Roaming\UserTile.png
[2011/04/05 16:52:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/04/05 16:51:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/03/11 12:51:55 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010/09/24 22:45:20 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

========== LOP Check ==========

[2009/03/18 00:38:08 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\Acer
[2008/04/30 13:14:33 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\Acer GameZone Console
[2010/10/30 15:06:41 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\AlderGames
[2010/05/25 22:06:09 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\Big Fish Games
[2010/10/30 14:46:35 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\Big Splash Games
[2010/09/26 15:30:17 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\EleFun Games
[2010/09/29 19:04:58 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\EscapeTheMuseum2
[2012/04/19 16:49:40 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\FixZeroAccess
[2010/04/02 13:44:14 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\FloodLightGames
[2010/06/29 00:22:23 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\Gaijin Ent
[2009/04/05 13:51:22 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\Gamelab
[2010/11/23 07:44:47 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\Home Sweet Home
[2011/07/31 00:18:30 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\IMVU
[2011/06/24 20:54:41 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\IMVUClient
[2011/09/05 09:56:42 | 000,000,000 | -H-D | M] -- C:\Users\Nita\AppData\Roaming\InstallJammer Registry
[2010/06/24 20:29:44 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\iWin
[2010/11/24 00:04:14 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\Jane s Hotel Family Hero
[2009/03/18 00:38:02 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\Leadertech
[2010/10/30 15:13:38 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\Namco
[2010/09/26 15:21:37 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\PlayFirst
[2011/12/04 21:19:36 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\Riverpoint Writer
[2011/07/12 13:24:36 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\SecondLife
[2009/07/07 17:38:18 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\Template
[2010/10/24 21:01:06 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\Vivox
[2010/06/01 16:23:08 | 000,000,000 | ---D | M] -- C:\Users\Nita\AppData\Roaming\WeatherBug
[2012/04/30 13:04:19 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,749 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:53 PM

Posted 01 May 2012 - 07:46 AM

Glad we could help.

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

#7 TexasBob

TexasBob
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:04:53 PM

Posted 01 May 2012 - 12:37 PM

All utilities have been removed except Sophos.

ComboFix still reports rootkit activity and requires a reboot. Rebooted OK but ComboFix does not continue. I uninstalled ComboFix per your instructions. Now what?

#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,749 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:53 PM

Posted 01 May 2012 - 03:14 PM

I'm investigating your logs to see why this is being generated.

I feel that this is a false positive by some registry entry.

Let me know if this is the only issue with this computer.

#9 TexasBob

TexasBob
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:04:53 PM

Posted 01 May 2012 - 03:31 PM

The computer is in another office and not really being used of course since it might still have a virus. :lmao: I ran a few programs, surfed the web a little and everything seems to work fine. I can find no problems.

#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,749 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:53 PM

Posted 02 May 2012 - 08:58 AM

I'm sure that one remnant item in the registry is the cause of this error from ComboFix.

Use the computer for a few days and let me know if all is well.

#11 TexasBob

TexasBob
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:04:53 PM

Posted 03 May 2012 - 04:31 PM

Some of the scheduled tasks are no longer running. When entering Task Scheduler I am getting 2 messages:

1.) The task image is corrupt or has been tampered with.task729578

click OK and get

2.) An error has occurred for task Reminders - Nita. Error Message; The specified account name is not valid.

Click OK

#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,749 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:53 PM

Posted 04 May 2012 - 08:40 AM

Some of the scheduled tasks are no longer running. When entering Task Scheduler I am getting 2 messages:

1.) The task image is corrupt or has been tampered with.task729578

click OK and get

2.) An error has occurred for task Reminders - Nita. Error Message; The specified account name is not valid.


What are the tasks that are not running?

Each task is a separate file in this folder C:\Windows\System32\Tasks.
Can you identify them?
If present remove them.

==

One other option is to create a new profile and, when it is working correctly, delete the one that gives "The specified account name is not valid." It may be Nina, not sure.

Keep me posted.

#13 TexasBob

TexasBob
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:04:53 PM

Posted 04 May 2012 - 03:31 PM

You gave me enough information to resolve those problems. Some of the misbehaving tasks I was able to delete from C:\Windows\System32\Tasks successfully.

The tough one was "Reminders - Nita". There was no filename with that on her computer, but a registry search found 2 references. I deleted both, and it all seems to work fine now. I have run a bunch of virus scanners and all come up clean. I can find nothing else wrong with it except Combofix.


Think I am virus free?
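
A read-only check for the kind of mismatch nasdaq points at above, added here as an example: this is not code from the thread, from OTL, ComboFix or any other tool mentioned in it. It assumes the Task Scheduler keeps its registry cache under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache (a Tree subkey mirroring the task folders, each task node carrying an Id GUID, and a Tasks subkey with one record per GUID) and the task definitions as XML files under C:\Windows\System32\Tasks. It lists registry entries whose file or GUID record is missing, files that no registry entry points at, and the account each task is set to run as, so the entry behind "The task image is corrupt or has been tampered with" or "The specified account name is not valid" can be identified before anything is deleted.

```powershell
# Added example, not code from the thread or from OTL/ComboFix.
# Cross-checks the Task Scheduler registry cache against the task files on
# disk. Read-only: it deletes nothing. Run from an elevated PowerShell prompt.

$TaskRoot = Join-Path $env:SystemRoot 'System32\Tasks'
$TreeKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'
$TasksKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks'

function Get-TaskPrincipal {
    param([string]$Path)
    # A task file is XML; the account it runs as sits under Principals. A SID or
    # name here that no longer exists is what the Task Scheduler console reports
    # as "The specified account name is not valid".
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $null }
    try {
        $xml = [xml](Get-Content -LiteralPath $Path -Raw)
        $p = $xml.Task.Principals.Principal
        if ($p.UserId)  { return $p.UserId }
        if ($p.GroupId) { return $p.GroupId }
    } catch { return '<unreadable>' }
    return $null
}

function Get-TaskCacheEntries {
    # Every key under TaskCache\Tree that carries an 'Id' value is one registered
    # task; folder nodes such as \Microsoft\Windows have no 'Id'.
    Get-ChildItem -Path $TreeKey -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($props -and $props.PSObject.Properties['Id']) {
            $relative = $_.Name -replace '^.*\\Tree\\', ''   # e.g. Microsoft\Windows\Defrag\ScheduledDefrag
            $file     = Join-Path $TaskRoot $relative
            $idKey    = Join-Path $TasksKey $props.Id
            [pscustomobject]@{
                Task        = '\' + $relative
                Id          = $props.Id
                File        = $file
                FileExists  = Test-Path -LiteralPath $file -PathType Leaf
                IdKeyExists = Test-Path -LiteralPath $idKey      # Tasks\{GUID} record
                Principal   = Get-TaskPrincipal $file
            }
        }
    }
}

function Get-OrphanTaskFiles {
    # The reverse check: task files on disk that no registry entry points at.
    $registered = @(Get-TaskCacheEntries | ForEach-Object { $_.Task.ToLowerInvariant() })
    Get-ChildItem -Path $TaskRoot -Recurse -File -ErrorAction SilentlyContinue | ForEach-Object {
        $rel = '\' + $_.FullName.Substring($TaskRoot.Length).TrimStart('\')
        if ($registered -notcontains $rel.ToLowerInvariant()) { $rel }
    }
}

# Report. Nothing is removed; each flagged entry is a decision for the operator.
$entries = Get-TaskCacheEntries
'== Registry task entries with a missing file or missing Tasks\{GUID} record =='
$entries | Where-Object { -not $_.FileExists -or -not $_.IdKeyExists } |
    Format-Table Task, Id, FileExists, IdKeyExists -AutoSize
'== Task files on disk with no registry entry =='
Get-OrphanTaskFiles
'== Accounts tasks are set to run as (look for SIDs or names that no longer resolve) =='
$entries | Where-Object { $_.Principal } |
    Group-Object Principal | Select-Object Name, Count | Format-Table -AutoSize
```

An entry that shows up in the first table with FileExists false corresponds to a Tree node whose task file was removed (by a cleanup tool or by hand) without its registry record; an entry in the second list is the opposite case. Either one is a candidate for removal through the Task Scheduler console or schtasks /Delete rather than by editing the registry directly, and a task whose principal is an unresolvable SID should be re-registered or deleted rather than left in place.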

#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,749 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:53 PM

Posted 05 May 2012 - 08:02 AM

I think you're clean.

You can always try this last scan.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
===

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

#15 TexasBob

TexasBob
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:04:53 PM

Posted 07 May 2012 - 08:06 AM

OK, seems all is well. ESET came up clean. Thanks for your help.
