Status
Not open for further replies.

Antivirus Antimalware 2011!

#1 ·
Hello everyone,

A few days ago my computer was being slow, requiring frequent restarts, freezing a lot, etc etc.

Today I got Antivirus Antimalware 2011 madness popping up on my computer telling me that I had tons of viruses, I am going to die, world is going to hell in a handbasket and all that jazz.

Malwarebytes found a few things and claimed to have gotten rid of them. I can't complete a Sophos scan. It gets about halfway through and then I get a weird error message and have to restart my computer. When I restart, it says 0 items in quarantine even though it found stuff before I had to restart.

Also having to post all of this information from a friend's computer because every time I try to post it tells me that the connection to the server has been restarted. After several restarts of this computer, I haven't been able to post using my own.

I have the ark and attach attachments in a zip folder but my friend didn't want me to download anything onto his computer that got sent from my virusy computer so I didn't post them. Perhaps I can just post the text or email them to you individually? Or maybe you could tell me if it is safe to transfer files via email to my friend's computer so that I might upload them? Thank you!

Here is DDS
DDS (Ver_11-03-05.01) - NTFSx86
Run by Loralee at 18:51:05.20 on Thu 03/24/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.976 [GMT -4:00]
.
AV: Sophos Anti-Virus *Enabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\WINDOWS\System32\svchost.exe -k itlsvc
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sophos\AutoUpdate\almon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Loralee\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe
dRun: [AntiVirus AntiSpyware 2011] "c:\documents and settings\networkservice\application data\antivirus antispyware 2011\AntiVirus AntiSpyware.exe" /STARTUP
dRun: [AntiVirus AntiSpyware 2011 Security] c:\documents and settings\networkservice\application data\antivirus antispyware 2011\securitymanager.exe
dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://ra.qwest.com/sdccommon/download/tgctlcm.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264443176706
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264443274941
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
Notify: itlnfw32 - itlnfw32.dll
Notify: itlntfy - itlnfw32.dll
AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\loralee\applic~1\mozilla\firefox\profiles\urg7gy8k.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/p/2.html
FF - plugin: c:\documents and settings\loralee\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\loralee\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\loralee\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: LeechBlock: {a95d8332-e4b4-6e7f-98ac-20b733364387} - %profile%\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
.
============= SERVICES / DRIVERS ===============
.
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2011-3-24 153344]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2011-3-24 24064]
R2 DLSDB;Dell Printer Status Database;c:\program files\dell printers\additional color laser software\status monitor\dlsdbnt.exe [2010-2-3 140184]
R2 itlperf;Intel CPU;c:\windows\system32\svchost.exe -k itlsvc [2008-4-14 14336]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-10-8 163056]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-6-4 97520]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-9-21 230640]
R2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2010-10-8 1541360]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2011-3-24 14976]
.
=============== Created Last 30 ================
.
2011-03-24 21:45:52 -------- d-----w- c:\windows\system32\Adobe
2011-03-24 20:44:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Sophos Web Intelligence
2011-03-24 20:44:04 -------- d-----w- c:\program files\common files\Cisco Systems
2011-03-24 20:43:43 28912 ----a-w- c:\windows\system32\SophosBootTasks.exe
2011-03-24 20:42:45 24064 ----a-w- c:\windows\system32\drivers\savonaccessfilter.sys
2011-03-24 20:42:45 153344 ----a-w- c:\windows\system32\drivers\savonaccesscontrol.sys
2011-03-24 20:42:45 14976 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2011-03-24 18:59:50 37376 ----a-w- c:\windows\system32\drivers\rixdptsk.sys
2011-03-24 18:59:50 32256 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2011-03-24 18:59:50 16480 ----a-w- c:\windows\system32\rixdicon.dll
2011-03-24 18:59:45 90112 ----a-w- c:\windows\system32\snymsico.dll
2011-03-24 18:59:45 43520 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2011-03-24 18:09:21 34816 ----a-w- c:\windows\system32\itlnfw32.dll
2011-03-24 18:09:21 216064 ----a-w- c:\windows\system32\itlpfw32.dll
2011-03-02 19:06:21 -------- d-----w- c:\program files\Sea3D
2011-03-02 15:53:34 -------- d-----w- c:\docume~1\loralee\applic~1\Oberon Media
2011-03-02 15:53:21 -------- d-----w- c:\program files\MSN Games
2011-02-25 19:55:13 -------- d-----w- c:\docume~1\loralee\locals~1\applic~1\CutePDF Writer
2011-02-25 19:54:56 -------- d-----w- c:\program files\GPLGS
2011-02-25 19:54:23 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2011-02-25 19:54:15 -------- d-----w- c:\program files\Acro Software
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 13:31:16 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-02-02 13:31:16 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST9120822AS rev.3.CDD -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-e
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89DA8439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89dae7d0]; MOV EAX, [0x89dae84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x89D40AB8]
3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x89940030]
\Driver\atapi[0x89D4AF38] -> IRP_MJ_CREATE -> 0x89DA8439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskST9120822AS_____________________________3.CDD___#5&12a65145&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x89DA827F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 18:52:26.56 ===============
 
#2 ·
Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

I need to see the GMER log and Attach.txt log before we can start. Can you just post them the way you did the DDS.txt log?
 
#3 ·
Heya,

I also forgot to mention that I get an error that tells me that Win32 needs to close.

Here is the text of Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/25/2010 10:42:05 AM
System Uptime: 3/24/2011 6:30:13 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0WY040
Processor: Intel(R) Core(TM)2 Duo CPU T7100 @ 1.80GHz | Microprocessor | 1794/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 39 GiB total, 18.492 GiB free.
D: is FIXED (NTFS) - 73 GiB total, 35.078 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP145: 12/26/2010 11:51:04 PM - System Checkpoint
RP146: 12/30/2010 9:00:28 AM - System Checkpoint
RP147: 1/7/2011 1:38:50 PM - System Checkpoint
RP148: 1/12/2011 12:19:34 PM - System Checkpoint
RP149: 1/12/2011 8:00:17 PM - Software Distribution Service 3.0
RP150: 1/20/2011 11:41:50 AM - System Checkpoint
RP151: 1/23/2011 10:50:30 PM - System Checkpoint
RP152: 1/28/2011 12:17:53 PM - System Checkpoint
RP153: 2/3/2011 10:37:11 PM - System Checkpoint
RP154: 2/9/2011 8:00:18 PM - Software Distribution Service 3.0
RP155: 2/15/2011 8:00:17 PM - Software Distribution Service 3.0
RP156: 2/17/2011 7:43:22 AM - System Checkpoint
RP157: 2/19/2011 5:09:06 PM - System Checkpoint
RP158: 2/22/2011 5:38:02 PM - System Checkpoint
RP159: 2/23/2011 8:00:17 PM - Software Distribution Service 3.0
RP160: 2/25/2011 2:54:21 PM - Printer Driver CutePDF Writer Installed
RP161: 2/27/2011 5:02:55 PM - System Checkpoint
RP162: 3/1/2011 8:01:24 PM - System Checkpoint
RP163: 3/7/2011 8:23:22 AM - System Checkpoint
RP164: 3/9/2011 9:11:38 PM - Software Distribution Service 3.0
RP165: 3/11/2011 3:16:39 PM - System Checkpoint
RP166: 3/13/2011 8:15:38 PM - System Checkpoint
RP167: 3/15/2011 9:13:13 AM - Installed Sophos AutoUpdate
RP168: 3/18/2011 6:58:51 AM - System Checkpoint
RP169: 3/24/2011 12:52:45 PM - System Checkpoint
RP170: 3/24/2011 3:28:23 PM - Removed Sophos Anti-Virus
.
==== Installed Programs ======================
.
Across Lite 2.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adobe Shockwave Player 11.5
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Barnes & Noble Desktop Reader
Bonjour
Broadcom 440x 10/100 Integrated Controller
Catan Online World
ClientTools
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
CutePDF Writer 2.8
Dell Printer Software
Dell Wireless WLAN Card Utility
GIMP 2.6.8
Google Talk Plugin
Google Updater
GoToAssist Corporate
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
iTunes
Java Auto Updater
Java(TM) 6 Update 22
JMP 8
Malwarebytes' Anti-Malware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
NVIDIA PhysX
O2Micro Flash Memory Card Reader Driver (x86)
OGA Notifier 2.0.0048.0
OIV
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Sea3D 1.2.0a
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SigmaTel Audio
Skype™ 4.1
Sophos Anti-Virus
Sophos AutoUpdate
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.0.3
WebFldrs XP
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
3/24/2011 9:30:44 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
3/24/2011 9:16:54 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/24/2011 9:16:22 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/24/2011 9:16:18 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVOnAccessControl SAVOnAccessFilter Tcpip
3/24/2011 9:16:18 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
3/24/2011 9:16:18 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/24/2011 9:16:18 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/24/2011 9:16:18 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/24/2011 9:16:18 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/24/2011 9:16:18 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/24/2011 9:07:35 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
3/24/2011 9:06:55 AM, error: Service Control Manager [7034] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s).
3/24/2011 9:06:55 AM, error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 1 time(s).
3/24/2011 9:06:55 AM, error: Service Control Manager [7034] - The Logical Disk Manager service terminated unexpectedly. It has done this 1 time(s).
3/24/2011 9:06:55 AM, error: Service Control Manager [7034] - The Fast User Switching Compatibility service terminated unexpectedly. It has done this 1 time(s).
3/24/2011 9:06:55 AM, error: Service Control Manager [7034] - The Error Reporting Service service terminated unexpectedly. It has done this 1 time(s).
3/24/2011 9:06:55 AM, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s).
3/24/2011 9:06:55 AM, error: Service Control Manager [7034] - The CryptSvc service terminated unexpectedly. It has done this 1 time(s).
3/24/2011 9:06:55 AM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s).
3/24/2011 9:06:55 AM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
3/24/2011 9:06:55 AM, error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/24/2011 6:27:26 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
3/24/2011 6:22:55 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/24/2011 6:07:20 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service SAVService with arguments "" in order to run the server: {D2B7A809-15DC-40B4-A1E1-C61EA97191DB}
3/24/2011 5:30:42 PM, error: Dhcp [1002] - The IP address lease 10.10.17.130 for the Network Card with network address 001C2697C8F3 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
3/24/2011 4:34:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
3/24/2011 3:27:09 PM, error: SAVOnAccessControl [85] - File [...s\Translators.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SavMain.exe, (start check timestamp [ 1cbea5977f83ddc]).
3/24/2011 3:27:09 PM, error: SAVOnAccessControl [85] - File [...irus\Security.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SavMain.exe, (start check timestamp [ 1cbea5977ff64ea]).
3/24/2011 3:27:09 PM, error: SAVOnAccessControl [85] - File [...Configuration.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SavMain.exe, (start check timestamp [ 1cbea5977f37928]).
3/24/2011 3:27:07 PM, error: SAVOnAccessControl [85] - File [...stem32\WLTRAY.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process explorer.exe, (start check timestamp [ 1cbea597686b15e]).
3/24/2011 3:27:04 PM, error: SAVOnAccessControl [85] - File [...oUpdate\ALsvc.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SavMain.exe, (start check timestamp [ 1cbea5974a778b4]).
3/24/2011 3:27:04 PM, error: SAVOnAccessControl [85] - File [...canManagement.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SavMain.exe, (start check timestamp [ 1cbea5974b1021c]).
3/24/2011 3:27:03 PM, error: SAVOnAccessControl [85] - File [...ponentManager.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SavMain.exe, (start check timestamp [ 1cbea597496c83e]).
3/24/2011 3:27:03 PM, error: SAVOnAccessControl [85] - File [...ponentManager.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SAVAdminService, (start check timestamp [ 1cbea597496c83e]).
3/24/2011 3:27:03 PM, error: SAVOnAccessControl [85] - File [...eatManagement.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SavMain.exe, (start check timestamp [ 1cbea59749b8cf2]).
3/24/2011 3:27:03 PM, error: SAVOnAccessControl [85] - File [...\ICManagement.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SAVAdminService, (start check timestamp [ 1cbea59749b8cf2]).
3/24/2011 12:21:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SAVOnAccessControl SAVOnAccessFilter
3/24/2011 12:04:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
3/24/2011 11:15:38 AM, error: SAVOnAccessControl [37] - Driver threads still active when driver is being shutdown.
3/24/2011 10:58:53 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SENS service.
3/24/2011 10:58:53 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
3/24/2011 1:55:23 PM, error: SAVOnAccessControl [85] - File [...YL2\decide[1].php]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process svchost.exe, (start check timestamp [ 1cbea4ca5d50fda]).
3/24/2011 1:55:22 PM, error: SAVOnAccessControl [85] - File [...S3AdPlayer[1].swf]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process svchost.exe, (start check timestamp [ 1cbea4ca59711e6]).
3/24/2011 1:55:22 PM, error: SAVOnAccessControl [85] - File [...ponentManager.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SavMain.exe, (start check timestamp [ 1cbea4ca59e390c]).
3/24/2011 1:55:22 PM, error: SAVOnAccessControl [85] - File [...ponentManager.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SAVAdminService, (start check timestamp [ 1cbea4ca59e390c]).
3/24/2011 1:55:22 PM, error: SAVOnAccessControl [85] - File [...oUpdate\ALsvc.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SavMain.exe, (start check timestamp [ 1cbea4ca5aa24f6]).
3/24/2011 1:55:22 PM, error: SAVOnAccessControl [85] - File [...eatManagement.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SavMain.exe, (start check timestamp [ 1cbea4ca5a56032]).
3/24/2011 1:55:22 PM, error: SAVOnAccessControl [85] - File [...canManagement.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SavMain.exe, (start check timestamp [ 1cbea4ca5b610e0]).
3/24/2011 1:55:22 PM, error: SAVOnAccessControl [85] - File [...\ICManagement.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SavMain.exe, (start check timestamp [ 1cbea4ca5a2fdd0]).
3/24/2011 1:55:22 PM, error: SAVOnAccessControl [85] - File [...\ICManagement.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SAVAdminService, (start check timestamp [ 1cbea4ca5a09b6e]).
3/24/2011 1:55:22 PM, error: SAVOnAccessControl [85] - File [....0.4_56847[1].swf]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process svchost.exe, (start check timestamp [ 1cbea4ca5bd3806]).
3/24/2011 1:54:48 PM, error: Service Control Manager [7034] - The Sophos Anti-Virus service terminated unexpectedly. It has done this 2 time(s).
3/24/2011 1:54:48 PM, error: SAVOnAccessControl [564] - Communication error between on-access driver and service for access of registry value [44A35E5BFD25BD9AF\Usage SAVService] by process SavMain.exe.
3/24/2011 1:54:48 PM, error: SAVOnAccessControl [564] - Communication error between on-access driver and service for access of registry value [10\SessionInformation ProgramCount] by process explorer.exe.
3/24/2011 1:15:32 PM, error: SAVOnAccessControl [85] - File [...YL2\search[1].htm]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process svchost.exe, (start check timestamp [ 1cbea4714dc3855]).
3/24/2011 1:15:32 PM, error: SAVOnAccessControl [85] - File [...S3AdPlayer[1].swf]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process svchost.exe, (start check timestamp [ 1cbea4714b8742e]).
3/24/2011 1:15:32 PM, error: SAVOnAccessControl [85] - File [...ponentManager.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SavMain.exe, (start check timestamp [ 1cbea4714c4603b]).
3/24/2011 1:15:32 PM, error: SAVOnAccessControl [85] - File [...ponentManager.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SAVAdminService, (start check timestamp [ 1cbea4714c4603b]).
3/24/2011 1:15:32 PM, error: SAVOnAccessControl [85] - File [...oUpdate\ALsvc.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SavMain.exe, (start check timestamp [ 1cbea4714e5c1f9]).
3/24/2011 1:15:32 PM, error: SAVOnAccessControl [85] - File [...eatManagement.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SavMain.exe, (start check timestamp [ 1cbea4714d2aeb1]).
3/24/2011 1:15:32 PM, error: SAVOnAccessControl [85] - File [...canManagement.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SavMain.exe, (start check timestamp [ 1cbea4714f672d8]).
3/24/2011 1:15:32 PM, error: SAVOnAccessControl [85] - File [...\ICManagement.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SavMain.exe, (start check timestamp [ 1cbea4714c6c2a4]).
3/24/2011 1:15:32 PM, error: SAVOnAccessControl [85] - File [...\ICManagement.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SAVAdminService, (start check timestamp [ 1cbea4714c6c2a4]).
3/24/2011 1:15:32 PM, error: SAVOnAccessControl [85] - File [....0.4_56847[1].swf]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process svchost.exe, (start check timestamp [ 1cbea4714e35f90]).
3/24/2011 1:15:26 PM, error: Service Control Manager [7034] - The Sophos Anti-Virus service terminated unexpectedly. It has done this 1 time(s).
3/24/2011 1:15:26 PM, error: SAVOnAccessControl [566] - Communication error between on-access driver and service for a modification of file "es\system@search.coolroll[1].txt" by process svchost.exe .
3/23/2011 11:39:33 PM, error: Dhcp [1002] - The IP address lease 10.10.17.130 for the Network Card with network address 001C2697C8F3 has been denied by the DHCP server 172.16.42.1 (The DHCP Server sent a DHCPNACK message).
3/21/2011 11:14:30 PM, error: Dhcp [1002] - The IP address lease 10.10.23.126 for the Network Card with network address 001C2697C8F3 has been denied by the DHCP server 172.16.42.1 (The DHCP Server sent a DHCPNACK message).
3/19/2011 1:25:18 AM, error: Dhcp [1002] - The IP address lease 192.168.1.34 for the Network Card with network address 001C2697C8F3 has been denied by the DHCP server 172.16.42.1 (The DHCP Server sent a DHCPNACK message).
3/18/2011 5:26:14 PM, error: Dhcp [1002] - The IP address lease 10.0.1.20 for the Network Card with network address 001C2697C8F3 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/18/2011 10:52:06 AM, error: Dhcp [1002] - The IP address lease 10.10.23.126 for the Network Card with network address 001C2697C8F3 has been denied by the DHCP server 10.0.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
 
#4 ·
And here is part of Ark, part 1 -

GMER 1.0.15.15530 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-24 19:03:31
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort1 ST9120822AS rev.3.CDD
Running: gmer.exe; Driver: C:\DOCUME~1\Loralee\LOCALS~1\Temp\agxirfob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwCreateKey [0xB4C5D3BA]
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwCreateThread [0xB4C5D8A4]
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwDeleteKey [0xB4C5D510]
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwSetSystemInformation [0xB4C5DBCE]
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwSetValueKey [0xB4C5D576]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7090360, 0x3CEED5, 0xE8000020]
? C:\DOCUME~1\Loralee\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[176] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00399E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0039FB20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0039F8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0039FA80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0039FA60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0039F9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0039F9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0039F9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0039FB00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0039F8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 003A0700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0039F940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0039FA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0039F920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0039F980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0039FAC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0039F900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0039F8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0039FA20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0039F960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0039FAE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0039FAA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0039FA40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 0039FBA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 0039FB80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 0039FB40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 0039FB60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0039FC40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] WS2_32.dll!bind 71AB4480 5 Bytes JMP 0039FC20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 0039FC60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0039FCE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0039FCC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 0039FBE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 0039FBC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 0039FCA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 0039FC80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[176] WS2_32.dll!accept 71AC1040 5 Bytes JMP 0039FC00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00399E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0039FB20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0039F8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0039FA80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0039FA60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0039F9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0039F9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0039F9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0039FB00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0039F8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 003A0700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0039F940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0039FA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0039F920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0039F980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0039FAC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0039F900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0039F8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0039FA20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0039F960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0039FAE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0039FAA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0039FA40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 0039FBA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 0039FB80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 0039FB40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 0039FB60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0039FC40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] WS2_32.dll!bind 71AB4480 5 Bytes JMP 0039FC20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 0039FC60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0039FCE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0039FCC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 0039FBE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 0039FBC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 0039FCA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 0039FC80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[760] WS2_32.dll!accept 71AC1040 5 Bytes JMP 0039FC00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00399E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0039FB20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0039F8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0039FA80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0039FA60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0039F9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0039F9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0039F9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0039FB00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0039F8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 003A0700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0039F940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0039FA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0039F920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0039F980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0039FAC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0039F900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0039F8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0039FA20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0039F960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0039FAE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0039FAA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0039FA40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0039FC40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] WS2_32.dll!bind 71AB4480 5 Bytes JMP 0039FC20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 0039FC60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0039FCE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0039FCC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 0039FBE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 0039FBC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 0039FCA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 0039FC80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] WS2_32.dll!accept 71AC1040 5 Bytes JMP 0039FC00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 0039FBA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 0039FB80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 0039FB40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[968] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 0039FB60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00399E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0039FB20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0039F8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0039FA80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
 
#5 ·
Here is Ark, part 2:

.text C:\WINDOWS\system32\RUNDLL32.EXE[2844] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 003AF920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2844] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 003AF980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2844] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 003AFAC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2844] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 003AF900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2844] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 003AF8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2844] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 003AFA20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2844] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 003AF960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2844] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 003AFAE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2844] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003AFAA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2844] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 003AFA40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2844] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 003AFBA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2844] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 003AFB80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2844] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 003AFB40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2844] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 003AFB60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\rundll32.exe[2876] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 003A9E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\rundll32.exe[2876] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003AFB20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\rundll32.exe[2876] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 003AF8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\rundll32.exe[2876] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 003AFA80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\rundll32.exe[2876] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 003AFA60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\rundll32.exe[2876] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 003AF9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\rundll32.exe[2876] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 003AF9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\rundll32.exe[2876] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 003AF9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\rundll32.exe[2876] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 003AFB00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\rundll32.exe[2876] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003AF8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\rundll32.exe[2876] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 003B0700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\rundll32.exe[2876] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 003AF940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\rundll32.exe[2876] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 003AFA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\rundll32.exe[2876] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 003AF920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\rundll32.exe[2876] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 003AF980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\rundll32.exe[2876] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 003AFAC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\rundll32.exe[2876] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 003AF900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\rundll32.exe[2876] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 003AF8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\rundll32.exe[2876] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 003AFA20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\rundll32.exe[2876] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 003AF960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\rundll32.exe[2876] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 003AFAE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\rundll32.exe[2876] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003AFAA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\rundll32.exe[2876] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 003AFA40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\rundll32.exe[2876] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 003AFBA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\rundll32.exe[2876] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 003AFB80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\rundll32.exe[2876] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 003AFB40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\rundll32.exe[2876] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 003AFB60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00399E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0039FB20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0039F8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0039FA80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0039FA60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0039F9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0039F9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0039F9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0039FB00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0039F8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 003A0700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0039F940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0039FA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0039F920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0039F980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0039FAC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0039F900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
 
#6 ·
Here is Ark, part 3:

(Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0039F8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0039FA20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0039F960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0039FAE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0039FAA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0039FA40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 0039FBA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 0039FB80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 0039FB40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 0039FB60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0039FC40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] WS2_32.dll!bind 71AB4480 5 Bytes JMP 0039FC20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 0039FC60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0039FCE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0039FCC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 0039FBE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 0039FBC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 0039FCA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 0039FC80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[3024] WS2_32.dll!accept 71AC1040 5 Bytes JMP 0039FC00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3272] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10402342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
? C:\WINDOWS\System32\svchost.exe[4064] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: oleaut32.dllunknown module: oleaut32.dllunknown module: comctl32.dllunknown module: oleaut32.dllunknown module: oleaut32.dll
.text C:\WINDOWS\System32\svchost.exe[4064] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00399E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0039FB20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0039F8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0039FA80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0039FA60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0039F9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0039F9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0039F9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0039FB00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0039F8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 003A0700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0039F940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0039FA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0039F920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0039F980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0039FAC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0039F900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0039F8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0039FA20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0039F960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0039FAE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0039FAA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0039FA40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 0039FBA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 0039FB80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 0039FB40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 0039FB60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0039FC40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] WS2_32.dll!bind 71AB4480 5 Bytes JMP 0039FC20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 0039FC60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0039FCE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0039FCC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 0039FBE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 0039FBC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 0039FCA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 0039FC80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[4064] WS2_32.dll!accept 71AC1040 5 Bytes JMP 0039FC00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 89DA827F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 89DA827F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 89DA827F
Device \FileSystem\Fastfat \Fat AD980D20

AttachedDevice \FileSystem\Fastfat \Fat savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)

Device \Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskST9120822AS_____________________________3.CDD___#5&12a65145&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- EOF - GMER 1.0.15 ----
 
#7 ·
lolerary:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Attach that log, please.
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please include the following in your next post:
  • TDSSKiller log
  • ComboFix log
 
#8 ·
Here is TDSS

2011/03/25 13:49:49.0546 3624 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/25 13:49:49.0687 3624 ================================================================================
2011/03/25 13:49:49.0687 3624 SystemInfo:
2011/03/25 13:49:49.0687 3624
2011/03/25 13:49:49.0687 3624 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/25 13:49:49.0687 3624 Product type: Workstation
2011/03/25 13:49:49.0687 3624 ComputerName: LORALEE-C52D0A4
2011/03/25 13:49:49.0687 3624 UserName: Loralee
2011/03/25 13:49:49.0687 3624 Windows directory: C:\WINDOWS
2011/03/25 13:49:49.0687 3624 System windows directory: C:\WINDOWS
2011/03/25 13:49:49.0687 3624 Processor architecture: Intel x86
2011/03/25 13:49:49.0687 3624 Number of processors: 2
2011/03/25 13:49:49.0687 3624 Page size: 0x1000
2011/03/25 13:49:49.0687 3624 Boot type: Normal boot
2011/03/25 13:49:49.0687 3624 ================================================================================
2011/03/25 13:49:50.0734 3624 Initialize success
2011/03/25 13:49:54.0390 2996 ================================================================================
2011/03/25 13:49:54.0390 2996 Scan started
2011/03/25 13:49:54.0390 2996 Mode: Manual;
2011/03/25 13:49:54.0390 2996 ================================================================================
2011/03/25 13:49:55.0828 2996 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/25 13:49:55.0906 2996 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/25 13:49:56.0015 2996 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/25 13:49:56.0125 2996 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/25 13:49:56.0281 2996 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/03/25 13:49:56.0375 2996 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/25 13:49:56.0453 2996 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/25 13:49:56.0578 2996 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/25 13:49:56.0687 2996 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/25 13:49:56.0843 2996 BCM43XX (9208c78bd9283f79a30252ad954c77a2) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/03/25 13:49:56.0906 2996 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/03/25 13:50:07.0765 2996 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/25 13:50:07.0765 2996 ================================================================================
2011/03/25 13:50:07.0765 2996 Scan finished
2011/03/25 13:50:07.0765 2996 ================================================================================
2011/03/25 13:50:07.0765 3024 Detected object count: 1
2011/03/25 13:50:26.0562 3024 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/03/25 13:50:26.0562 3024 \HardDisk0 - ok
2011/03/25 13:50:26.0562 3024 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/03/25 13:50:36.0140 1496 Deinitialize success


And here is Combofix:

ComboFix 11-03-24.06 - Loralee 03/25/2011 14:00:29.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1573 [GMT -4:00]
Running from: c:\documents and settings\Loralee\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011
c:\documents and settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011\IcoActivate.ico
c:\documents and settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011\IcoHelp.ico
c:\documents and settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011\IcoUninstall.ico
c:\documents and settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011\securityhelper.exe
c:\windows\system32\itlnfw32.dll
c:\windows\system32\itlpfw32.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ITLPERF
-------\Service_itlperf
.
.
((((((((((((((((((((((((( Files Created from 2011-02-25 to 2011-03-25 )))))))))))))))))))))))))))))))
.
.
2011-03-24 21:45 . 2011-03-24 21:47 -------- d-----w- c:\windows\system32\Adobe
2011-03-24 20:44 . 2011-03-24 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos Web Intelligence
2011-03-24 20:44 . 2011-03-24 20:44 -------- d-----w- c:\program files\Common Files\Cisco Systems
2011-03-24 20:43 . 2010-07-23 17:31 28912 ----a-w- c:\windows\system32\SophosBootTasks.exe
2011-03-24 20:42 . 2010-10-08 14:14 24064 ----a-w- c:\windows\system32\drivers\savonaccessfilter.sys
2011-03-24 20:42 . 2010-10-08 14:14 153344 ----a-w- c:\windows\system32\drivers\savonaccesscontrol.sys
2011-03-24 20:42 . 2008-05-23 07:38 14976 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2011-03-24 19:00 . 2011-03-24 19:00 -------- d-----w- c:\program files\DIFX
2011-03-24 18:59 . 2006-11-15 04:16 32256 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2011-03-24 18:59 . 2006-11-14 21:35 37376 ----a-w- c:\windows\system32\drivers\rixdptsk.sys
2011-03-24 18:59 . 2005-05-06 23:06 16480 ----a-w- c:\windows\system32\rixdicon.dll
2011-03-24 18:59 . 2006-11-14 23:42 43520 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2011-03-24 18:59 . 2004-09-03 14:00 90112 ----a-w- c:\windows\system32\snymsico.dll
2011-03-24 04:03 . 2011-03-24 04:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-03-02 19:06 . 2011-03-07 19:28 -------- d-----w- c:\program files\Sea3D
2011-03-02 15:53 . 2011-03-02 15:53 -------- d-----w- c:\documents and settings\Loralee\Application Data\Oberon Media
2011-03-02 15:53 . 2011-03-02 18:41 -------- d-----w- c:\program files\MSN Games
2011-02-25 19:55 . 2011-02-25 22:05 -------- d-----w- c:\documents and settings\Loralee\Local Settings\Application Data\CutePDF Writer
2011-02-25 19:54 . 2011-02-25 19:54 -------- d-----w- c:\program files\GPLGS
2011-02-25 19:54 . 2009-11-05 12:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2011-02-25 19:54 . 2011-02-25 19:54 -------- d-----w- c:\program files\Acro Software
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2008-04-14 09:42 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 09:41 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 13:31 . 2011-02-02 13:31 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-02-02 13:31 . 2011-02-02 13:31 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-02-02 07:58 . 2010-01-25 15:34 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-01-25 15:34 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2008-04-14 09:42 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-04-14 09:39 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2008-04-14 05:00 1854976 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2010-12-11_22.21.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-18 18:01 . 2010-12-20 23:59 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-04-14 09:41 . 2010-12-09 15:15 718336 c:\windows\system32\dllcache\ntdll.dll
- 2008-09-18 18:01 . 2010-09-10 05:58 611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-09-18 18:01 . 2010-12-20 23:59 611840 c:\windows\system32\dllcache\mstime.dll
- 2010-01-25 15:36 . 2008-04-14 09:42 102400 c:\windows\system32\dllcache\msjro.dll
+ 2010-01-25 15:36 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll
- 2010-01-25 19:29 . 2010-09-10 05:58 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-01-25 19:29 . 2010-12-20 23:59 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-01-25 15:36 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll
- 2010-01-25 15:36 . 2008-04-14 09:42 200704 c:\windows\system32\dllcache\msadox.dll
+ 2010-01-25 15:36 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll
- 2010-01-25 15:36 . 2008-04-14 09:42 180224 c:\windows\system32\dllcache\msadomd.dll
- 2010-01-25 15:36 . 2008-04-14 09:42 536576 c:\windows\system32\dllcache\msado15.dll
+ 2010-01-25 15:36 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
+ 2010-01-25 15:36 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll
- 2010-01-25 15:36 . 2008-04-14 09:42 143360 c:\windows\system32\dllcache\msadco.dll
+ 2008-04-14 09:41 . 2010-12-20 17:26 730112 c:\windows\system32\dllcache\lsasrv.dll
- 2008-04-14 09:41 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
- 2010-01-25 15:34 . 2008-04-14 09:42 677888 c:\windows\system32\dllcache\lhmstsc.exe
+ 2010-01-25 15:34 . 2011-01-27 11:57 677888 c:\windows\system32\dllcache\lhmstsc.exe
- 2008-04-14 09:41 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2008-04-14 09:41 . 2010-12-22 12:34 301568 c:\windows\system32\dllcache\kerberos.dll
- 2010-01-25 19:29 . 2010-09-10 05:58 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2010-01-25 19:29 . 2010-12-20 23:59 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2008-09-18 18:00 . 2010-12-20 23:59 184320 c:\windows\system32\dllcache\iepeers.dll
- 2008-09-18 18:00 . 2010-09-10 05:58 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-09 21:26 . 2010-12-20 23:59 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-09 21:26 . 2010-09-10 05:58 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2008-09-18 18:00 . 2010-09-10 05:58 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-09-18 18:00 . 2010-12-20 23:59 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-09-18 18:00 . 2010-12-20 12:55 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-04-14 09:41 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll
- 2008-04-14 09:41 . 2008-04-14 09:41 186880 c:\windows\system32\dllcache\encdec.dll
+ 2008-04-14 09:39 . 2011-01-07 14:09 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2011-02-02 13:46 . 2011-02-02 13:46 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2011-02-02 13:55 . 2011-02-02 13:55 469944 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1159620.exe
+ 2011-02-02 13:35 . 2011-02-02 13:35 136568 c:\windows\system32\Adobe\Shockwave 11\SCC.dll
+ 2011-02-02 13:48 . 2011-02-02 13:48 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2011-02-02 13:47 . 2011-02-02 13:47 372736 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2011-02-02 13:35 . 2011-02-02 13:35 798208 c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2011-02-02 13:46 . 2011-02-02 13:46 503808 c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2011-02-02 13:55 . 2011-02-02 13:55 215992 c:\windows\system32\Adobe\Director\SwDir.dll
+ 2011-02-02 13:47 . 2011-02-02 13:47 135168 c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2010-11-12 16:08 . 2010-11-12 16:08 889344 c:\windows\Installer\c502723.msp
+ 2011-02-21 14:10 . 2011-02-21 14:10 628224 c:\windows\Installer\32b6ae0e.msi
+ 2010-01-25 18:33 . 2011-03-10 02:11 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2010-01-25 18:33 . 2010-11-11 01:03 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2010-01-25 18:33 . 2011-03-10 02:12 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2010-01-25 18:33 . 2010-11-11 01:03 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2010-01-25 18:33 . 2010-11-11 01:03 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2010-01-25 18:33 . 2011-03-10 02:12 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2010-01-25 18:33 . 2010-11-11 01:03 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2010-01-25 18:33 . 2011-03-10 02:12 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2010-01-25 18:33 . 2011-03-10 02:12 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2010-01-25 18:33 . 2010-11-11 01:03 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2010-01-25 18:33 . 2010-11-11 01:03 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-01-25 18:33 . 2011-03-10 02:12 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2011-02-10 01:40 . 2010-11-06 00:26 916480 c:\windows\ie8updates\KB2482017-IE8\wininet.dll
+ 2011-02-10 01:41 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2482017-IE8\spuninst\updspapi.dll
+ 2011-02-10 01:41 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2482017-IE8\spuninst\spuninst.exe
+ 2011-02-10 01:40 . 2010-11-06 00:26 206848 c:\windows\ie8updates\KB2482017-IE8\occache.dll
+ 2011-02-10 01:40 . 2010-11-06 00:26 611840 c:\windows\ie8updates\KB2482017-IE8\mstime.dll
+ 2011-02-10 01:40 . 2010-11-06 00:26 602112 c:\windows\ie8updates\KB2482017-IE8\msfeeds.dll
+ 2011-02-10 01:40 . 2010-11-06 00:26 247808 c:\windows\ie8updates\KB2482017-IE8\ieproxy.dll
+ 2011-02-10 01:40 . 2010-11-06 00:26 184320 c:\windows\ie8updates\KB2482017-IE8\iepeers.dll
+ 2011-02-10 01:40 . 2010-11-06 00:26 743424 c:\windows\ie8updates\KB2482017-IE8\iedvtool.dll
+ 2011-02-10 01:40 . 2010-11-06 00:26 387584 c:\windows\ie8updates\KB2482017-IE8\iedkcs32.dll
+ 2011-02-10 01:40 . 2010-11-03 12:26 173568 c:\windows\ie8updates\KB2482017-IE8\ie4uinit.exe
+ 2010-12-16 01:03 . 2010-09-10 05:58 916480 c:\windows\ie8updates\KB2416400-IE8\wininet.dll
+ 2010-12-16 01:03 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2416400-IE8\spuninst\updspapi.dll
+ 2010-12-16 01:03 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2416400-IE8\spuninst\spuninst.exe
+ 2010-12-16 01:03 . 2010-09-10 05:58 206848 c:\windows\ie8updates\KB2416400-IE8\occache.dll
+ 2010-12-16 01:03 . 2010-09-10 05:58 611840 c:\windows\ie8updates\KB2416400-IE8\mstime.dll
+ 2010-12-16 01:03 . 2010-09-10 05:58 602112 c:\windows\ie8updates\KB2416400-IE8\msfeeds.dll
+ 2010-12-16 01:03 . 2010-09-10 05:58 247808 c:\windows\ie8updates\KB2416400-IE8\ieproxy.dll
+ 2010-12-16 01:03 . 2010-09-10 05:58 184320 c:\windows\ie8updates\KB2416400-IE8\iepeers.dll
+ 2010-12-16 01:03 . 2010-09-10 05:58 743424 c:\windows\ie8updates\KB2416400-IE8\iedvtool.dll
+ 2010-12-16 01:03 . 2010-09-10 05:58 387584 c:\windows\ie8updates\KB2416400-IE8\iedkcs32.dll
+ 2010-12-16 01:03 . 2010-08-26 12:22 173056 c:\windows\ie8updates\KB2416400-IE8\ie4uinit.exe
+ 2011-02-10 01:43 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2485376$\spuninst\updspapi.dll
+ 2011-02-10 01:43 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2485376$\spuninst\spuninst.exe
+ 2011-02-10 01:43 . 2010-10-28 13:13 290048 c:\windows\$NtUninstallKB2485376$\atmfd.dll
+ 2011-02-10 01:42 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2483185$\spuninst\updspapi.dll
+ 2011-02-10 01:42 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2483185$\spuninst\spuninst.exe
+ 2011-02-10 01:42 . 2008-04-14 09:42 438272 c:\windows\$NtUninstallKB2483185$\shimgvw.dll
+ 2011-02-10 01:42 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2479628$\spuninst\updspapi.dll
+ 2011-02-10 01:42 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2479628$\spuninst\spuninst.exe
+ 2011-02-10 01:43 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2478971$\spuninst\updspapi.dll
+ 2011-02-10 01:43 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2478971$\spuninst\spuninst.exe
+ 2011-02-10 01:43 . 2009-06-25 08:25 301568 c:\windows\$NtUninstallKB2478971$\kerberos.dll
+ 2011-02-10 01:01 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2478960$\spuninst\updspapi.dll
+ 2011-02-10 01:01 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2478960$\spuninst\spuninst.exe
+ 2011-02-10 01:01 . 2009-06-25 08:25 730112 c:\windows\$NtUninstallKB2478960$\lsasrv.dll
+ 2011-02-10 01:40 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2476687$\spuninst\updspapi.dll
+ 2011-02-10 01:40 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2476687$\spuninst\spuninst.exe
+ 2010-12-16 01:03 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2467659$\spuninst\updspapi.dll
+ 2010-12-16 01:03 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2467659$\spuninst\spuninst.exe
+ 2010-12-16 01:03 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2443685$\spuninst\updspapi.dll
+ 2010-12-16 01:03 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2443685$\spuninst\spuninst.exe
+ 2010-12-16 01:04 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2443105$\spuninst\updspapi.dll
+ 2010-12-16 01:04 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2443105$\spuninst\spuninst.exe
+ 2010-12-16 01:03 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2440591$\spuninst\updspapi.dll
+ 2010-12-16 01:03 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2440591$\spuninst\spuninst.exe
+ 2010-12-16 01:03 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2436673$\spuninst\updspapi.dll
+ 2010-12-16 01:03 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2436673$\spuninst\spuninst.exe
+ 2010-12-16 01:01 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2423089$\spuninst\updspapi.dll
+ 2010-12-16 01:01 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2423089$\spuninst\spuninst.exe
+ 2011-01-13 01:01 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2419632$\spuninst\updspapi.dll
+ 2011-01-13 01:01 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2419632$\spuninst\spuninst.exe
+ 2011-01-13 01:01 . 2008-04-14 09:42 249856 c:\windows\$NtUninstallKB2419632$\odbc32.dll
+ 2011-01-13 01:01 . 2008-04-14 09:42 102400 c:\windows\$NtUninstallKB2419632$\msjro.dll
+ 2011-01-13 01:01 . 2008-04-14 09:42 200704 c:\windows\$NtUninstallKB2419632$\msadox.dll
+ 2011-01-13 01:01 . 2008-04-14 09:42 180224 c:\windows\$NtUninstallKB2419632$\msadomd.dll
+ 2011-01-13 01:01 . 2008-04-14 09:42 536576 c:\windows\$NtUninstallKB2419632$\msado15.dll
+ 2011-01-13 01:01 . 2008-04-14 09:42 143360 c:\windows\$NtUninstallKB2419632$\msadco.dll
+ 2011-02-10 01:01 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2393802$\spuninst\updspapi.dll
+ 2011-02-10 01:01 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2393802$\spuninst\spuninst.exe
+ 2011-02-10 01:01 . 2009-02-09 12:10 714752 c:\windows\$NtUninstallKB2393802$\ntdll.dll
+ 2010-12-16 01:04 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2296199$\spuninst\updspapi.dll
+ 2010-12-16 01:04 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2296199$\spuninst\spuninst.exe
+ 2010-12-16 01:04 . 2010-09-01 11:51 285824 c:\windows\$NtUninstallKB2296199$\atmfd.dll
+ 2011-02-10 01:43 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2485376\update\updspapi.dll
+ 2011-02-10 01:43 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2485376\update\update.exe
+ 2011-02-10 01:43 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2485376\spuninst.exe
+ 2011-01-07 14:09 . 2011-01-07 14:09 290048 c:\windows\$hf_mig$\KB2485376\SP3QFE\atmfd.dll
+ 2011-02-10 01:42 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2483185\update\updspapi.dll
+ 2011-02-10 01:42 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2483185\update\update.exe
+ 2011-02-10 01:42 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2483185\spuninst.exe
+ 2011-01-21 14:42 . 2011-01-21 14:42 439808 c:\windows\$hf_mig$\KB2483185\SP3QFE\shimgvw.dll
+ 2011-02-10 01:41 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2482017-IE8\update\updspapi.dll
+ 2011-02-10 01:41 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2482017-IE8\update\update.exe
+ 2011-02-10 01:41 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2482017-IE8\spuninst.exe
+ 2011-02-09 20:58 . 2010-12-20 23:58 919552 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll
+ 2011-02-09 20:58 . 2010-12-20 23:58 206848 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\occache.dll
+ 2011-02-09 20:58 . 2010-12-20 23:58 611840 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mstime.dll
+ 2011-02-09 20:58 . 2010-12-20 23:58 602112 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\msfeeds.dll
+ 2011-02-09 20:58 . 2010-12-20 23:58 247808 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ieproxy.dll
+ 2011-02-09 20:58 . 2010-12-20 23:58 184320 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iepeers.dll
+ 2011-02-09 20:58 . 2010-12-20 23:58 743424 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iedvtool.dll
+ 2011-02-09 20:58 . 2010-12-20 23:58 387584 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iedkcs32.dll
+ 2011-02-09 20:58 . 2010-12-20 12:48 173568 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ie4uinit.exe
+ 2011-02-10 01:42 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2479628\update\updspapi.dll
+ 2011-02-10 01:42 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2479628\update\update.exe
+ 2011-02-10 01:42 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2479628\spuninst.exe
+ 2011-02-10 01:43 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2478971\update\updspapi.dll
+ 2011-02-10 01:43 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2478971\update\update.exe
+ 2011-02-10 01:43 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2478971\spuninst.exe
+ 2010-12-22 12:32 . 2010-12-22 12:32 301568 c:\windows\$hf_mig$\KB2478971\SP3QFE\kerberos.dll
+ 2011-02-10 01:01 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2478960\update\updspapi.dll
+ 2011-02-10 01:01 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2478960\update\update.exe
+ 2011-02-10 01:01 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2478960\spuninst.exe
+ 2010-12-20 17:24 . 2010-12-20 17:24 730112 c:\windows\$hf_mig$\KB2478960\SP3QFE\lsasrv.dll
+ 2011-02-10 01:40 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2476687\update\updspapi.dll
+ 2011-02-10 01:40 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2476687\update\update.exe
+ 2011-02-10 01:40 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2476687\spuninst.exe
+ 2010-12-16 01:03 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2467659\update\updspapi.dll
+ 2010-12-16 01:03 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2467659\update\update.exe
+ 2010-12-16 01:03 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2467659\spuninst.exe
+ 2010-12-16 01:04 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2443105\update\updspapi.dll
+ 2010-12-16 01:04 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2443105\update\update.exe
+ 2010-12-16 01:04 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2443105\spuninst.exe
+ 2010-12-16 01:03 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2440591\update\updspapi.dll
+ 2010-12-16 01:03 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2440591\update\update.exe
+ 2010-12-16 01:03 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2440591\spuninst.exe
+ 2010-12-16 01:03 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2436673\update\updspapi.dll
+ 2010-12-16 01:03 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2436673\update\update.exe
+ 2010-12-16 01:03 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2436673\spuninst.exe
+ 2010-12-16 01:01 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2423089\update\updspapi.dll
+ 2010-12-16 01:01 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2423089\update\update.exe
+ 2010-12-16 01:01 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2423089\spuninst.exe
+ 2011-01-13 01:01 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2419632\update\updspapi.dll
+ 2011-01-13 01:01 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2419632\update\update.exe
+ 2011-01-13 01:01 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2419632\spuninst.exe
+ 2010-11-09 14:50 . 2010-11-09 14:50 253952 c:\windows\$hf_mig$\KB2419632\SP3QFE\odbc32.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 102400 c:\windows\$hf_mig$\KB2419632\SP3QFE\msjro.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 200704 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadox.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 180224 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadomd.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 565248 c:\windows\$hf_mig$\KB2419632\SP3QFE\msado15.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 143360 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadco.dll
+ 2010-12-16 01:03 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2416400-IE8\update\updspapi.dll
+ 2010-12-16 01:03 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2416400-IE8\update\update.exe
+ 2010-12-16 01:03 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2416400-IE8\spuninst.exe
+ 2010-12-15 16:55 . 2010-11-06 00:27 919552 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll
+ 2010-12-15 16:55 . 2010-11-06 00:27 206848 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\occache.dll
+ 2010-12-15 16:55 . 2010-11-06 00:27 611840 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mstime.dll
+ 2010-12-15 16:55 . 2010-11-06 00:27 602112 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\msfeeds.dll
+ 2010-12-15 16:55 . 2010-11-06 00:27 247808 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\ieproxy.dll
+ 2010-12-15 16:55 . 2010-11-06 00:27 184320 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iepeers.dll
+ 2010-12-15 16:55 . 2010-11-06 00:27 743424 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iedvtool.dll
+ 2010-12-15 16:55 . 2010-11-06 00:27 387584 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iedkcs32.dll
+ 2010-12-15 16:55 . 2010-11-03 12:01 173568 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\ie4uinit.exe
+ 2011-02-10 01:01 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2393802\update\updspapi.dll
+ 2011-02-10 01:01 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2393802\update\update.exe
+ 2011-02-10 01:01 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2393802\spuninst.exe
+ 2011-02-09 20:37 . 2010-12-09 15:15 718336 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
+ 2010-12-16 01:04 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2296199\update\updspapi.dll
+ 2010-12-16 01:04 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2296199\update\update.exe
+ 2010-12-16 01:04 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2296199\spuninst.exe
+ 2010-10-28 13:08 . 2010-10-28 13:08 290048 c:\windows\$hf_mig$\KB2296199\SP3QFE\atmfd.dll
+ 2008-09-18 18:01 . 2010-12-20 23:59 1210880 c:\windows\system32\urlmon.dll
- 2008-09-18 18:01 . 2010-09-10 05:58 1210880 c:\windows\system32\urlmon.dll
- 2008-04-14 09:42 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
+ 2008-04-14 09:42 . 2011-01-21 14:44 8462336 c:\windows\system32\shell32.dll
- 2008-09-18 18:06 . 2008-09-18 18:06 1614848 c:\windows\system32\sfcfiles.dll
+ 2008-09-18 18:06 . 2010-12-12 02:46 1614848 c:\windows\system32\sfcfiles.dll
+ 2008-04-14 04:54 . 2010-12-09 13:42 2148864 c:\windows\system32\ntoskrnl.exe
+ 2008-04-14 04:01 . 2010-12-09 13:07 2027008 c:\windows\system32\ntkrnlpa.exe
+ 2008-09-18 18:01 . 2010-12-20 23:59 5961216 c:\windows\system32\mshtml.dll
+ 2008-09-18 18:00 . 2010-12-20 23:59 1991680 c:\windows\system32\iertutil.dll
+ 2008-04-14 05:00 . 2010-12-31 13:10 1854976 c:\windows\system32\dllcache\win32k.sys
+ 2008-09-18 18:01 . 2010-12-20 23:59 1210880 c:\windows\system32\dllcache\urlmon.dll
- 2008-09-18 18:01 . 2010-09-10 05:58 1210880 c:\windows\system32\dllcache\urlmon.dll
- 2008-04-14 09:42 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
+ 2008-04-14 09:42 . 2011-01-21 14:44 8462336 c:\windows\system32\dllcache\shell32.dll
+ 2010-01-25 18:45 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2010-01-25 18:45 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-08 00:02 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2010-01-25 18:45 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-09-18 18:01 . 2010-12-20 23:59 5961216 c:\windows\system32\dllcache\mshtml.dll
+ 2010-01-25 15:34 . 2011-02-02 07:58 2067456 c:\windows\system32\dllcache\lhmstscx.dll
+ 2010-01-25 19:29 . 2010-12-20 23:59 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2011-02-02 13:39 . 2011-02-02 13:39 1019904 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2011-02-02 13:35 . 2011-02-02 13:35 2224816 c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2011-02-02 13:41 . 2011-02-02 13:41 1802240 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2010-10-22 20:45 . 2010-10-22 20:45 8444928 c:\windows\Installer\c502738.msp
+ 2010-12-06 20:02 . 2010-12-06 20:02 5518848 c:\windows\Installer\c502708.msp
+ 2010-10-02 02:53 . 2010-10-02 02:53 4147712 c:\windows\Installer\c5026f3.msp
+ 2011-01-17 21:06 . 2011-01-17 21:06 5518848 c:\windows\Installer\8dc57707.msp
+ 2011-03-24 20:44 . 2011-03-24 20:44 2959360 c:\windows\Installer\64703.msi
+ 2011-02-22 15:32 . 2011-02-22 15:32 5520384 c:\windows\Installer\45d354ba.msp
+ 2011-03-23 16:57 . 2011-03-23 16:57 1554944 c:\windows\Installer\24fa4edb.msi
+ 2011-02-10 01:40 . 2010-11-06 00:26 1210880 c:\windows\ie8updates\KB2482017-IE8\urlmon.dll
+ 2011-02-10 01:40 . 2010-11-06 00:26 5959168 c:\windows\ie8updates\KB2482017-IE8\mshtml.dll
+ 2011-02-10 01:40 . 2010-11-06 00:26 1991680 c:\windows\ie8updates\KB2482017-IE8\iertutil.dll
+ 2010-12-16 01:03 . 2010-09-10 05:58 1210880 c:\windows\ie8updates\KB2416400-IE8\urlmon.dll
+ 2010-12-16 01:03 . 2010-09-10 05:58 5957120 c:\windows\ie8updates\KB2416400-IE8\mshtml.dll
+ 2010-12-16 01:03 . 2010-09-10 05:58 1986560 c:\windows\ie8updates\KB2416400-IE8\iertutil.dll
+ 2010-01-25 18:45 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2010-01-25 18:45 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-08 00:02 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2010-01-25 18:45 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2011-02-10 01:42 . 2010-07-27 06:30 8462336 c:\windows\$NtUninstallKB2483185$\shell32.dll
+ 2011-02-10 01:42 . 2010-10-26 13:25 1853312 c:\windows\$NtUninstallKB2479628$\win32k.sys
+ 2010-12-16 01:03 . 2010-08-31 13:42 1852800 c:\windows\$NtUninstallKB2436673$\win32k.sys
+ 2011-02-10 01:01 . 2010-04-27 13:59 2146304 c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
+ 2011-02-10 01:01 . 2010-04-27 13:05 2024448 c:\windows\$NtUninstallKB2393802$\ntkrpamp.exe
+ 2011-02-10 01:01 . 2010-04-27 13:05 2024448 c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe
+ 2011-02-10 01:01 . 2010-04-27 13:59 2146304 c:\windows\$NtUninstallKB2393802$\ntkrnlmp.exe
+ 2011-01-21 14:42 . 2011-01-21 14:42 8463360 c:\windows\$hf_mig$\KB2483185\SP3QFE\shell32.dll
+ 2011-02-09 20:58 . 2010-12-20 23:58 1211904 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\urlmon.dll
+ 2011-02-09 20:58 . 2010-12-20 23:58 5962240 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtml.dll
+ 2011-02-09 20:58 . 2010-12-20 23:58 1992192 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iertutil.dll
+ 2010-12-31 13:14 . 2010-12-31 13:14 1864064 c:\windows\$hf_mig$\KB2479628\SP3QFE\win32k.sys
+ 2010-10-26 13:27 . 2010-10-26 13:27 1862272 c:\windows\$hf_mig$\KB2436673\SP3QFE\win32k.sys
+ 2010-12-15 16:55 . 2010-11-06 00:27 1211904 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\urlmon.dll
+ 2010-12-15 16:55 . 2010-11-06 00:27 5960704 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mshtml.dll
+ 2010-12-15 16:55 . 2010-11-06 00:27 1992192 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iertutil.dll
+ 2011-02-09 20:37 . 2010-12-09 13:43 2192768 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
+ 2011-02-09 20:37 . 2010-12-09 13:09 2027008 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrpamp.exe
+ 2010-12-09 23:39 . 2010-12-09 23:39 2069376 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
+ 2011-02-09 20:37 . 2010-12-09 13:47 2148864 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlmp.exe
+ 2010-01-25 19:25 . 2011-03-10 02:12 37943240 c:\windows\system32\MRT.exe
+ 2008-09-18 18:00 . 2010-12-21 10:29 11080704 c:\windows\system32\ieframe.dll
+ 2010-01-25 19:29 . 2010-12-21 10:29 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2010-12-17 01:00 . 2010-12-17 01:00 20304384 c:\windows\Installer\6a424f.msp
+ 2011-02-16 01:00 . 2011-02-16 01:00 20308992 c:\windows\Installer\16259a11.msp
+ 2011-02-10 01:40 . 2010-11-06 00:26 11080704 c:\windows\ie8updates\KB2482017-IE8\ieframe.dll
+ 2010-12-16 01:03 . 2010-09-10 05:58 11080192 c:\windows\ie8updates\KB2416400-IE8\ieframe.dll
+ 2011-02-09 20:58 . 2010-12-20 23:58 11082752 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ieframe.dll
+ 2010-11-06 10:57 . 2010-11-06 10:57 11082752 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-02 2220032]
"nwiz"="nwiz.exe" [2009-05-01 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-01 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"NVHotkey"="nvHotkey.dll" [2009-05-01 86016]
"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2010-09-21 439536]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-12-07 16:01 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLPSP]
2007-02-22 05:38 361368 ----a-w- c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLUPDR]
2007-02-22 05:38 140184 ----a-w- c:\program files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-09-30 14:37 136176 ----atw- c:\documents and settings\Loralee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 00:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-04-29 20:59 5248312 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Loralee\\Desktop\\DCPlusPlus-0.750\\DCPlusPlus.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Loralee\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Loralee\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [3/24/2011 4:42 PM 153344]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [3/24/2011 4:42 PM 24064]
R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [2/3/2010 10:20 AM 140184]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [10/8/2010 10:15 AM 163056]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [6/4/2010 6:23 AM 97520]
R2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [10/8/2010 10:15 AM 1541360]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [3/24/2011 4:42 PM 14976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
itlsvc REG_MULTI_SZ itlperf
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-25 04:21]
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1644491937-1417001333-1010Core.job
- c:\documents and settings\Loralee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-30 14:37]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1644491937-1417001333-1010UA.job
- c:\documents and settings\Loralee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-30 14:37]
.
2011-03-25 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
FF - ProfilePath - c:\documents and settings\Loralee\Application Data\Mozilla\Firefox\Profiles\urg7gy8k.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/p/2.html
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: LeechBlock: {a95d8332-e4b4-6e7f-98ac-20b733364387} - %profile%\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
Notify-itlntfy - itlnfw32.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-25 14:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(904)
c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(3184)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-03-25 14:10:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-25 18:10
ComboFix2.txt 2010-12-12 04:06
ComboFix3.txt 2010-12-11 22:23
.
Pre-Run: 19,629,080,576 bytes free
Post-Run: 20,088,184,832 bytes free
.
- - End Of File - - 608DDBB751EA491B994AADD72B831C94


Thank you!
 
#9 ·
lolerary:

How is your computer running now? Please do this next:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Java(TM) 6 Update 17 can be updated from the Java control panel: Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts. If it does not, let me know.

Once the install is complete...

Go into the Control Panel and double-click the Java icon (looks like a coffee cup).
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.
You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please run ESET Online Scanner
  • Place a check mark in the box YES, I accept the Terms Of Use
  • Click the Start button.
  • Now click the Install button.
  • Click Start. The scanner engine will initialize and update.
  • Do Not place a check mark in the box beside Remove found threats.
  • Click the Scan button. The scan will now run, please be patient.
  • When the scan finishes click the Details tab.
  • Copy and paste the contents of the C:\ProgramFiles\EsetOnlineScanner\log.txt into your next reply.
Please include the following in your next post:
  • How is your computer running now?
  • MBAM log
  • ESET log
 