Windows XP Pro, can't use FORMAT tool anywhere?!?!


  • This topic is locked
37 replies to this topic

#1 Balta

  • Members
  • 98 posts

Posted 31 January 2009 - 02:03 PM

I'm sorry, but I scanned for viruses and other malware and nothing shows up, and I couldn't figure out why I can't use FORMAT from my computer on any drive, even on USB HDDs, USB pens, SD cards in a card reader, etc. The format option is there, but when I click it nothing happens: no window pops up, and I don't even get any errors.

Also, through Computer Management (Disk Management), most of the drives have the FORMAT option greyed out, and they are not the ones from the operating system.

Can I have some form of malware that is blocking this?

Here is my Hijack log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:46:15 PM, on 31/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
F:\SitesDevelop\apache\Apache2\bin\Apache.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
D:\Program Files\FileZilla Server\FileZilla Server.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\MagicTune Premium\MagicTuneEngine.exe
F:\SitesDevelop\apache\Apache2\bin\Apache.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\Program Files\No-IP\DUC20.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\IoctlSvc.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\TVersity\Media Server\MediaServer.exe
D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\Logi_MwX.Exe
D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\OpenVPN\bin\openvpn-gui.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
D:\Program Files\Unlocker\UnlockerAssistant.exe
D:\Program Files\Cartão de Cidadão\PtEidTrayApplet.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\Windows Media Player\WMPNSCFG.exe
D:\Program Files\MagicTune Premium\GammaTray.exe
F:\SitesDevelop\apache\Apache2\bin\ApacheMonitor.exe
D:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Outlook Express\msimn.exe
D:\Program Files\Trillian\trillian.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\Explorer.EXE
F:\SitesDevelop\mysql\bin\mysqld-nt.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\Program Files\Notepad++\notepad++.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gw.atxsoftware.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Name of App] D:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BtTray] "D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [FileZilla Server Interface] "D:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [openvpn-gui] D:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [amd_dc_opt] D:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [MBBalloon] D:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\Run: [Certificate Import] D:\Program Files\Cartão de Cidadão\PtEidTrayApplet.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] D:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: WinMySQLadmin.lnk = F:\SitesDevelop\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk = F:\SitesDevelop\apache\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Add to Banner Ad Blocker - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all by Net Transport - D:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - D:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Sothink SWF Decompiler - D:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra button: MBNet - {C014B140-3835-11d6-BC1D-00C095EEAD5D} - c:\progra~1\sibs\mbnet\icone.hta
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: SWFDecompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) -
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {156731E1-D652-11D1-BE03-00A0C9111212} (ATLSBNCheck Class) - http://msdn.microsoft.com/downloads/sample...et/sbncheck.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {4E592651-4590-11D6-BC20-00C095EEAD5D} - https://www.mbnet.pt/cc/mbnetbrws.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,7...pdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154986089372
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128861032596
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-306.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} (Mophun Control) - http://www.mophun.com/codebase/mophun.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/dj/qdiagh.cab?223
O17 - HKLM\System\CCS\Services\Tcpip\..\{A318B4AF-A749-4289-9495-C2F150F99D51}: NameServer = 62.193.242.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB916264-969B-4CAD-BF63-23888B197B7D}: NameServer = 192.168.0.254
O18 - Protocol: x-cnote - {8D32BA61-D15B-11D4-894B-000000000000} - D:\Program Files\Common Files\EzTools\hsppp.dll
O20 - AppInit_DLLs: d:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: ALLY - Unknown owner - D:\DOCUME~1\Baltasar\LOCALS~1\Temp\ALLY.exe (file missing)
O23 - Service: Apache2 - Apache Software Foundation - F:\SitesDevelop\apache\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: BlueSoleilCS - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - D:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: I - Unknown owner - D:\DOCUME~1\Baltasar\LOCALS~1\Temp\I.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: JDMJB - Unknown owner - D:\DOCUME~1\Baltasar\LOCALS~1\Temp\JDMJB.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MagicTuneEngine - Unknown owner - D:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: MySql - Unknown owner - F:/SitesDevelop/mysql/bin/mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - D:\Program Files\No-IP\DUC20.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - D:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PQ - Unknown owner - D:\DOCUME~1\Baltasar\LOCALS~1\Temp\PQ.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TVersityMediaServer - Unknown owner - D:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 14686 bytes


Thanks.


Edited by Balta, 31 January 2009 - 02:20 PM.




#2 PropagandaPanda


  • Malware Response Team
  • 10,433 posts

Posted 11 February 2009 - 04:11 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Download and Run ATFCleaner
Please download ATF Cleaner by Atribune. This program will clear out temporary files before we run OTScanIt. You will likely be logged out of the forum where you are receiving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
  • If you use any other browsers, select them appropriately from the top and empty all items.

Download and Run OTScanIt
Download OTScanIt by OldTimer to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program. If you are running on Vista then right-click the program and choose Run as Administrator.
  • Click the Extras button under "Additional Scans".
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).
  • Use the Add Reply button in the forum and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt folder and named OTScanIt.txt.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.

Please download GMER.zip to your desktop from any of the links below:
LINK1, LINK2
  • Right click on GMER.zip and select "Extract All".
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click GMER.exe. If you are using Windows Vista, right click the icon and select "Run as Administrator". Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Leaving the settings at default, click Scan.
  • When the scan is complete, click Save and save the log onto your desktop.
Please include the log in your next reply.

In your next reply include:
  • the OTScanIt log (attached)
  • the GMER log (pasted directly into your reply)

Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

#3 Balta

  • Topic Starter

  • Members
  • 98 posts

Posted 11 February 2009 - 05:24 PM

Hi, thanks for your reply. Here are the logs you asked for from running those tools.
Also, as far as I'm aware, I didn't change anything since my initial post.

gmer:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-11 22:21:04
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB7054A72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwClose [0xB705501E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwConnectPort [0xB7056A82]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateFile [0xB7056438]
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwCreateKey [0xB708A830]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xB70583E4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateThread [0xB7054E1A]
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwDeleteKey [0xB708A986]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteValueKey [0xB705482A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeviceIoControlFile [0xB7056744]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDuplicateObject [0xB70588F0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xB7054940]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xB70549A8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwFsControlFile [0xB70565FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwLoadDriver [0xB7057EA8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenFile [0xB7056294]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenKey [0xB705434A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenProcess [0xB7054C40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenSection [0xB705840E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenThread [0xB7054B96]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryKey [0xB7054A10]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryMultipleValueKey [0xB7054714]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryValueKey [0xB70544F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueueApcThread [0xB7058110]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwReplaceKey [0xB7053E6A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRequestWaitReplyPort [0xB705730C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRestoreKey [0xB7053FCC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwResumeThread [0xB70587C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSaveKey [0xB7053C68]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSecureConnectPort [0xB7056924]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetContextThread [0xB7054F18]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSecurityObject [0xB7057FA2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSystemInformation [0xB7058438]
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwSetValueKey [0xB708A9EC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendProcess [0xB705851C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendThread [0xB7058648]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSystemDebugControl [0xB7057DD4]
SSDT \??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB6F09F20]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwWriteVirtualMemory [0xB7054D5C]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP B706B1E8 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP B706B5A2 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504854 12 Bytes [ 1C, 85, 05, B7, 48, 86, 05, ... ]

---- User code sections - GMER 1.0.14 ----

? D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[408] D:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[408] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [ 70, 11, 41, 35 ]
.text D:\WINDOWS\system32\svchost.exe[464] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 7 Bytes JMP 552F3E00 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[464] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 552F7D50 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[464] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 552F7AD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[464] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 552F7CB0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[464] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 552F7C90 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[464] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 552F7C10 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[464] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 552F7BF0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[464] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 552F7BD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[464] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 552F7D30 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[464] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 552F7AF0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[464] kernel32.dll!FreeLibrary 7C80AC6E 5 Bytes JMP 552F8BD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[464] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 552F7B70 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[464] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 552F7C30 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[464] kernel32.dll!ExitThread 7C80C0E8 7 Bytes JMP 552F7B50 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[464] kernel32.dll!GlobalAlloc 7C80FDBD 7 Bytes JMP 552F7BB0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[464] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 552F7CF0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[464] kernel32.dll!ExitProcess 7C81CAFA 5 Bytes JMP 552F7B30 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[464] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 552F7B10 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[464] kernel32.dll!ResumeThread 7C83290F 5 Bytes JMP 552F7C50 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[464] kernel32.dll!GetThreadContext 7C839725 5 Bytes JMP 552F7B90 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[464] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 552F7D10 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[464] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 552F7CD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[464] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 552F7C70 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[464] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 552F7E70 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!ResumeThread 7C83290F 5 Bytes JMP 552F7C50 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!GetThreadContext 7C839725 5 Bytes JMP 552F7B90 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 552F7D10 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 552F7CD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 552F7C70 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 7 Bytes JMP 552F3E00 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 552F7D50 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 552F7AD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 552F7CB0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 552F7C90 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 552F7C10 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 552F7BF0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 552F7BD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 552F7D30 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 552F7AF0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!FreeLibrary 7C80AC6E 5 Bytes JMP 552F8BD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 552F7B70 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 552F7C30 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!ExitThread 7C80C0E8 7 Bytes JMP 552F7B50 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!GlobalAlloc 7C80FDBD 7 Bytes JMP 552F7BB0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 552F7CF0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!ExitProcess 7C81CAFA 5 Bytes JMP 552F7B30 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 552F7B10 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!ResumeThread 7C83290F 5 Bytes JMP 552F7C50 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!GetThreadContext 7C839725 5 Bytes JMP 552F7B90 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 552F7D10 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 552F7CD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 552F7C70 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 552F7E70 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] WS2_32.dll!bind 71AB4480 5 Bytes JMP 552F7E50 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 552F7E90 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] WS2_32.dll!send 71AB4C27 5 Bytes JMP 552F7F10 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] WS2_32.dll!recv 71AB676F 5 Bytes JMP 552F7EF0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 552F7E10 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 552F7DF0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 552F7ED0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 552F7EB0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1908] WS2_32.dll!accept 71AC1040 5 Bytes JMP 552F7E30 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 7 Bytes JMP 552F3E00 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 552F7D50 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 552F7AD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 552F7CB0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 552F7C90 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 552F7C10 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 552F7BF0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 552F7BD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 552F7D30 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 552F7AF0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] kernel32.dll!FreeLibrary 7C80AC6E 5 Bytes JMP 552F8BD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 552F7B70 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 552F7C30 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] kernel32.dll!ExitThread 7C80C0E8 7 Bytes JMP 552F7B50 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] kernel32.dll!GlobalAlloc 7C80FDBD 7 Bytes JMP 552F7BB0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 552F7CF0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] kernel32.dll!ExitProcess 7C81CAFA 5 Bytes JMP 552F7B30 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 552F7B10 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] kernel32.dll!ResumeThread 7C83290F 5 Bytes JMP 552F7C50 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] kernel32.dll!GetThreadContext 7C839725 5 Bytes JMP 552F7B90 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 552F7D10 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 552F7CD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 552F7C70 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 552F7E70 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] WS2_32.dll!bind 71AB4480 5 Bytes JMP 552F7E50 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 552F7E90 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] WS2_32.dll!send 71AB4C27 5 Bytes JMP 552F7F10 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] WS2_32.dll!recv 71AB676F 5 Bytes JMP 552F7EF0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 552F7E10 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 552F7DF0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 552F7ED0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 552F7EB0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] WS2_32.dll!accept 71AC1040 5 Bytes JMP 552F7E30 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 552F7DD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] WININET.dll!InternetQueryDataAvailable 7806ADF5 5 Bytes JMP 552F7DB0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 552F7D70 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\svchost.exe[1960] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 552F7D90 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 7 Bytes JMP 552F3E00 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 552F7D50 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 552F7AD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 552F7CB0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 552F7C90 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 552F7C10 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 552F7BF0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 552F7BD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 552F7D30 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 552F7AF0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] kernel32.dll!FreeLibrary 7C80AC6E 5 Bytes JMP 552F8BD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 552F7C30 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] kernel32.dll!ExitThread 7C80C0E8 7 Bytes JMP 552F7B50 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] kernel32.dll!GlobalAlloc 7C80FDBD 7 Bytes JMP 552F7BB0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 552F7CF0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] kernel32.dll!ExitProcess 7C81CAFA 5 Bytes JMP 552F7B30 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 552F7B10 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] kernel32.dll!ResumeThread 7C83290F 5 Bytes JMP 552F7C50 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] kernel32.dll!GetThreadContext 7C839725 5 Bytes JMP 552F7B90 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 552F7D10 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 552F7CD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 552F7C70 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 552F7DD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] WININET.dll!InternetQueryDataAvailable 7806ADF5 5 Bytes JMP 552F7DB0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 552F7D70 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 552F7D90 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 552F7E70 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] WS2_32.dll!bind 71AB4480 5 Bytes JMP 552F7E50 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 552F7E90 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] WS2_32.dll!send 71AB4C27 5 Bytes JMP 552F7F10 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] WS2_32.dll!recv 71AB676F 5 Bytes JMP 552F7EF0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 552F7E10 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 552F7DF0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 552F7ED0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 552F7EB0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\Explorer.EXE[4016] WS2_32.dll!accept 71AC1040 5 Bytes JMP 552F7E30 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\rundll32.exe[4680] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 7 Bytes JMP 552F3E00 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\rundll32.exe[4680] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 552F7D50 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\rundll32.exe[4680] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 552F7AD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\rundll32.exe[4680] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 552F7CB0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\rundll32.exe[4680] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 552F7C90 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\rundll32.exe[4680] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 552F7C10 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\rundll32.exe[4680] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 552F7BF0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\rundll32.exe[4680] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 552F7BD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\rundll32.exe[4680] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 552F7D30 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\rundll32.exe[4680] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 552F7AF0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\rundll32.exe[4680] kernel32.dll!FreeLibrary 7C80AC6E 5 Bytes JMP 552F8BD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\rundll32.exe[4680] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 552F7B70 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\rundll32.exe[4680] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 552F7C30 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\rundll32.exe[4680] kernel32.dll!ExitThread 7C80C0E8 7 Bytes JMP 552F7B50 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\rundll32.exe[4680] kernel32.dll!GlobalAlloc 7C80FDBD 7 Bytes JMP 552F7BB0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\rundll32.exe[4680] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 552F7CF0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\rundll32.exe[4680] kernel32.dll!ExitProcess 7C81CAFA 5 Bytes JMP 552F7B30 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\rundll32.exe[4680] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 552F7B10 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\rundll32.exe[4680] kernel32.dll!ResumeThread 7C83290F 5 Bytes JMP 552F7C50 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\rundll32.exe[4680] kernel32.dll!GetThreadContext 7C839725 5 Bytes JMP 552F7B90 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\rundll32.exe[4680] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 552F7D10 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\rundll32.exe[4680] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 552F7CD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\rundll32.exe[4680] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 552F7C70 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\RUNDLL32.EXE[4968] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 7 Bytes JMP 552F3E00 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\RUNDLL32.EXE[4968] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 552F7D50 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\RUNDLL32.EXE[4968] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 552F7AD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\RUNDLL32.EXE[4968] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 552F7CB0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\RUNDLL32.EXE[4968] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 552F7C90 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\RUNDLL32.EXE[4968] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 552F7C10 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\RUNDLL32.EXE[4968] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 552F7BF0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\RUNDLL32.EXE[4968] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 552F7BD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\RUNDLL32.EXE[4968] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 552F7D30 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\RUNDLL32.EXE[4968] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 552F7AF0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\RUNDLL32.EXE[4968] kernel32.dll!FreeLibrary 7C80AC6E 5 Bytes JMP 552F8BD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\RUNDLL32.EXE[4968] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 552F7B70 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\RUNDLL32.EXE[4968] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 552F7C30 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\RUNDLL32.EXE[4968] kernel32.dll!ExitThread 7C80C0E8 7 Bytes JMP 552F7B50 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\RUNDLL32.EXE[4968] kernel32.dll!GlobalAlloc 7C80FDBD 7 Bytes JMP 552F7BB0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\RUNDLL32.EXE[4968] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 552F7CF0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\RUNDLL32.EXE[4968] kernel32.dll!ExitProcess 7C81CAFA 5 Bytes JMP 552F7B30 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\RUNDLL32.EXE[4968] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 552F7B10 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\RUNDLL32.EXE[4968] kernel32.dll!ResumeThread 7C83290F 5 Bytes JMP 552F7C50 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\RUNDLL32.EXE[4968] kernel32.dll!GetThreadContext 7C839725 5 Bytes JMP 552F7B90 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\RUNDLL32.EXE[4968] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 552F7D10 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\RUNDLL32.EXE[4968] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 552F7CD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\WINDOWS\system32\RUNDLL32.EXE[4968] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 552F7C70 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
? D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[5188] D:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[5188] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [ 70, 11, 41, 35 ]
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 7 Bytes JMP 552F3E00 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 552F7D50 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 552F7AD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 552F7CB0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 552F7C90 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 552F7C10 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 552F7BF0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 552F7BD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 552F7D30 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 552F7AF0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] kernel32.dll!FreeLibrary 7C80AC6E 5 Bytes JMP 552F8BD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 552F7B70 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 552F7C30 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] kernel32.dll!ExitThread 7C80C0E8 7 Bytes JMP 552F7B50 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] kernel32.dll!GlobalAlloc 7C80FDBD 7 Bytes JMP 552F7BB0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 552F7CF0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] kernel32.dll!ExitProcess 7C81CAFA 5 Bytes JMP 552F7B30 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 552F7B10 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] kernel32.dll!ResumeThread 7C83290F 5 Bytes JMP 552F7C50 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] kernel32.dll!GetThreadContext 7C839725 5 Bytes JMP 552F7B90 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 552F7D10 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 552F7CD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 552F7C70 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F301 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A179F D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1720 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1764 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A16AC D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A16E6 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A17DA D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316B6 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 552F7DD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] WININET.dll!InternetQueryDataAvailable 7806ADF5 5 Bytes JMP 552F7DB0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 552F7D70 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 552F7D90 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 552F7E70 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] ws2_32.dll!bind 71AB4480 5 Bytes JMP 552F7E50 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 552F7E90 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] ws2_32.dll!send 71AB4C27 5 Bytes JMP 552F7F10 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] ws2_32.dll!recv 71AB676F 5 Bytes JMP 552F7EF0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] ws2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 552F7E10 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] ws2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 552F7DF0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] ws2_32.dll!listen 71AB8CD3 5 Bytes JMP 552F7ED0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] ws2_32.dll!getpeername 71AC0B68 5 Bytes JMP 552F7EB0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] ws2_32.dll!accept 71AC1040 5 Bytes JMP 552F7E30 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\System32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] 8BE48530
IAT \SystemRoot\System32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] 8BE48530

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)

---- Threads - GMER 1.0.14 ----

Thread 4:556 8BE857A0
Thread 4:560 8BE857A0
Thread 4:572 8BE55A30
Thread 4:576 8BE55A30
Thread 4:580 8BE55A30
Thread 4:704 8BA6E0B0
---- Processes - GMER 1.0.14 ----

Library D:\Documents (*** hidden *** ) @ D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [408] 0x09480000

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\com\AllowedPaths
Reg HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\com\AllowedPaths@ 0xD0 0xE3 0x2C 0x42 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027200f5df
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027200f5df@0060578db229 0xE1 0x31 0xCC 0xCC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027200f5df@0005c96f591e 0x93 0xD0 0x07 0xC1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027200f5df@00121c639d32 0x8D 0x67 0x5F 0xBE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027200f5df@000319864d07 0x29 0xC7 0x73 0xB4 ...
Reg HKLM\SYSTEM\ControlSet002\Control\SecurePipeServers\com\AllowedPaths
Reg HKLM\SYSTEM\ControlSet002\Control\SecurePipeServers\com\AllowedPaths@ 0xD0 0xE3 0x2C 0x42 ...
Reg HKLM\SYSTEM\ControlSet003\Control\SecurePipeServers\com\AllowedPaths
Reg HKLM\SYSTEM\ControlSet003\Control\SecurePipeServers\com\AllowedPaths@ 0xD0 0xE3 0x2C 0x42 ...
Reg HKLM\SYSTEM\ControlSet004\Control\SecurePipeServers\com\AllowedPaths
Reg HKLM\SYSTEM\ControlSet004\Control\SecurePipeServers\com\AllowedPaths@ 0xD0 0xE3 0x2C 0x42 ...
Reg HKLM\SYSTEM\ControlSet005\Control\SecurePipeServers\com\AllowedPaths
Reg HKLM\SYSTEM\ControlSet005\Control\SecurePipeServers\com\AllowedPaths@ 0xD0 0xE3 0x2C 0x42 ...
Reg HKLM\SYSTEM\ControlSet006\Control\SecurePipeServers\com\AllowedPaths
Reg HKLM\SYSTEM\ControlSet006\Control\SecurePipeServers\com\AllowedPaths@ 0xD0 0xE3 0x2C 0x42 ...
Reg HKLM\SYSTEM\ControlSet007\Control\SecurePipeServers\com\AllowedPaths
Reg HKLM\SYSTEM\ControlSet007\Control\SecurePipeServers\com\AllowedPaths@ 0xD0 0xE3 0x2C 0x42 ...
Reg HKLM\SYSTEM\ControlSet008\Control\SecurePipeServers\com\AllowedPaths
Reg HKLM\SYSTEM\ControlSet008\Control\SecurePipeServers\com\AllowedPaths@ 0xD0 0xE3 0x2C 0x42 ...
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00027200f5df
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00027200f5df@0060578db229 0xE1 0x31 0xCC 0xCC ...
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00027200f5df@0005c96f591e 0x93 0xD0 0x07 0xC1 ...
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00027200f5df@00121c639d32 0x8D 0x67 0x5F 0xBE ...
Reg HKLM\SYSTEM\ControlSet009\Control\SecurePipeServers\com\AllowedPaths
Reg HKLM\SYSTEM\ControlSet009\Control\SecurePipeServers\com\AllowedPaths@ 0xD0 0xE3 0x2C 0x42 ...
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\00027200f5df
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\00027200f5df@0060578db229 0xE1 0x31 0xCC 0xCC ...
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\00027200f5df@0005c96f591e 0x93 0xD0 0x07 0xC1 ...
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\00027200f5df@00121c639d32 0x8D 0x67 0x5F 0xBE ...
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\00027200f5df@000319864d07 0x29 0xC7 0x73 0xB4 ...
Reg HKLM\SYSTEM\ControlSet010\Control\SecurePipeServers\com\AllowedPaths
Reg HKLM\SYSTEM\ControlSet010\Control\SecurePipeServers\com\AllowedPaths@ 0xD0 0xE3 0x2C 0x42 ...
Reg HKLM\SYSTEM\ControlSet010\Services\BTHPORT\Parameters\Keys\00027200f5df
Reg HKLM\SYSTEM\ControlSet010\Services\BTHPORT\Parameters\Keys\00027200f5df@0060578db229 0xE1 0x31 0xCC 0xCC ...
Reg HKLM\SYSTEM\ControlSet010\Services\BTHPORT\Parameters\Keys\00027200f5df@0005c96f591e 0x93 0xD0 0x07 0xC1 ...
Reg HKLM\SYSTEM\ControlSet010\Services\BTHPORT\Parameters\Keys\00027200f5df@00121c639d32 0x8D 0x67 0x5F 0xBE ...
Reg HKLM\SYSTEM\ControlSet010\Services\BTHPORT\Parameters\Keys\00027200f5df@000319864d07 0x29 0xC7 0x73 0xB4 ...
Reg HKLM\SYSTEM\ControlSet011\Control\SecurePipeServers\com\AllowedPaths
Reg HKLM\SYSTEM\ControlSet011\Control\SecurePipeServers\com\AllowedPaths@ 0xD0 0xE3 0x2C 0x42 ...
Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\00027200f5df
Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\00027200f5df@0060578db229 0xE1 0x31 0xCC 0xCC ...
Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\00027200f5df@0005c96f591e 0x93 0xD0 0x07 0xC1 ...
Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\00027200f5df@00121c639d32 0x8D 0x67 0x5F 0xBE ...
Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\00027200f5df@000319864d07 0x29 0xC7 0x73 0xB4 ...
Reg HKLM\SYSTEM\ControlSet012\Control\SecurePipeServers\com\AllowedPaths
Reg HKLM\SYSTEM\ControlSet012\Control\SecurePipeServers\com\AllowedPaths@ 0xD0 0xE3 0x2C 0x42 ...
Reg HKLM\SYSTEM\ControlSet012\Services\BTHPORT\Parameters\Keys\00027200f5df
Reg HKLM\SYSTEM\ControlSet012\Services\BTHPORT\Parameters\Keys\00027200f5df@0060578db229 0xE1 0x31 0xCC 0xCC ...
Reg HKLM\SYSTEM\ControlSet012\Services\BTHPORT\Parameters\Keys\00027200f5df@0005c96f591e 0x93 0xD0 0x07 0xC1 ...
Reg HKLM\SYSTEM\ControlSet012\Services\BTHPORT\Parameters\Keys\00027200f5df@00121c639d32 0x8D 0x67 0x5F 0xBE ...
Reg HKLM\SYSTEM\ControlSet012\Services\BTHPORT\Parameters\Keys\00027200f5df@000319864d07 0x29 0xC7 0x73 0xB4 ...
Reg HKLM\SYSTEM\ControlSet013\Control\SecurePipeServers\com\AllowedPaths
Reg HKLM\SYSTEM\ControlSet013\Control\SecurePipeServers\com\AllowedPaths@ 0xD0 0xE3 0x2C 0x42 ...
Reg HKLM\SYSTEM\ControlSet013\Services\BTHPORT\Parameters\Keys\00027200f5df
Reg HKLM\SYSTEM\ControlSet013\Services\BTHPORT\Parameters\Keys\00027200f5df@0060578db229 0xE1 0x31 0xCC 0xCC ...
Reg HKLM\SYSTEM\ControlSet013\Services\BTHPORT\Parameters\Keys\00027200f5df@0005c96f591e 0x93 0xD0 0x07 0xC1 ...
Reg HKLM\SYSTEM\ControlSet013\Services\BTHPORT\Parameters\Keys\00027200f5df@00121c639d32 0x8D 0x67 0x5F 0xBE ...
Reg HKLM\SYSTEM\ControlSet013\Services\BTHPORT\Parameters\Keys\00027200f5df@000319864d07 0x29 0xC7 0x73 0xB4 ...
Reg HKLM\SYSTEM\ControlSet014\Control\SecurePipeServers\com\AllowedPaths
Reg HKLM\SYSTEM\ControlSet014\Control\SecurePipeServers\com\AllowedPaths@ 0xD0 0xE3 0x2C 0x42 ...
Reg HKLM\SYSTEM\ControlSet014\Services\BTHPORT\Parameters\Keys\00027200f5df
Reg HKLM\SYSTEM\ControlSet014\Services\BTHPORT\Parameters\Keys\00027200f5df@0060578db229 0xE1 0x31 0xCC 0xCC ...
Reg HKLM\SYSTEM\ControlSet014\Services\BTHPORT\Parameters\Keys\00027200f5df@0005c96f591e 0x93 0xD0 0x07 0xC1 ...
Reg HKLM\SYSTEM\ControlSet014\Services\BTHPORT\Parameters\Keys\00027200f5df@00121c639d32 0x8D 0x67 0x5F 0xBE ...
Reg HKLM\SYSTEM\ControlSet014\Services\BTHPORT\Parameters\Keys\00027200f5df@000319864d07 0x29 0xC7 0x73 0xB4 ...
Reg HKLM\SYSTEM\ControlSet015\Control\SecurePipeServers\com\AllowedPaths
Reg HKLM\SYSTEM\ControlSet015\Control\SecurePipeServers\com\AllowedPaths@ 0xD0 0xE3 0x2C 0x42 ...
Reg HKLM\SYSTEM\ControlSet015\Services\BTHPORT\Parameters\Keys\00027200f5df
Reg HKLM\SYSTEM\ControlSet015\Services\BTHPORT\Parameters\Keys\00027200f5df@0060578db229 0xE1 0x31 0xCC 0xCC ...
Reg HKLM\SYSTEM\ControlSet015\Services\BTHPORT\Parameters\Keys\00027200f5df@0005c96f591e 0x93 0xD0 0x07 0xC1 ...
Reg HKLM\SYSTEM\ControlSet015\Services\BTHPORT\Parameters\Keys\00027200f5df@00121c639d32 0x8D 0x67 0x5F 0xBE ...
Reg HKLM\SYSTEM\ControlSet015\Services\BTHPORT\Parameters\Keys\00027200f5df@000319864d07 0x29 0xC7 0x73 0xB4 ...
Reg HKLM\SYSTEM\ControlSet016\Control\SecurePipeServers\com\AllowedPaths
Reg HKLM\SYSTEM\ControlSet016\Control\SecurePipeServers\com\AllowedPaths@ 0xD0 0xE3 0x2C 0x42 ...
Reg HKLM\SYSTEM\ControlSet016\Services\BTHPORT\Parameters\Keys\00027200f5df
Reg HKLM\SYSTEM\ControlSet016\Services\BTHPORT\Parameters\Keys\00027200f5df@0060578db229 0xE1 0x31 0xCC 0xCC ...
Reg HKLM\SYSTEM\ControlSet016\Services\BTHPORT\Parameters\Keys\00027200f5df@0005c96f591e 0x93 0xD0 0x07 0xC1 ...
Reg HKLM\SYSTEM\ControlSet016\Services\BTHPORT\Parameters\Keys\00027200f5df@00121c639d32 0x8D 0x67 0x5F 0xBE ...
Reg HKLM\SYSTEM\ControlSet016\Services\BTHPORT\Parameters\Keys\00027200f5df@000319864d07 0x29 0xC7 0x73 0xB4 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Nls\com\AllowedPaths
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Nls\com\AllowedPaths@ 0xEA 0xDD 0x2C 0x42 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Nls\net\AllowedPaths
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Nls\net\AllowedPaths@ 0x5A 0xE6 0x2C 0x42 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{460DD938-5FC5-A5FB-D3A2-9B52382FC2F3}\InProcServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{460DD938-5FC5-A5FB-D3A2-9B52382FC2F3}\InProcServer32@abdjpblebkmiabkmlkopbaepfhaabdkigi 0x6B 0x61 0x66 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{460DD938-5FC5-A5FB-D3A2-9B52382FC2F3}\InProcServer32@padjfbclpdnealkkhjlllfjpnhegcjnn 0x6B 0x61 0x66 0x61 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcb-2d9b-11d8-88bc-806d6172696f}@BaseClass Drive
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcb-2d9b-11d8-88bc-806d6172696f}\_Autorun
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcb-2d9b-11d8-88bc-806d6172696f}\_Autorun\DefaultIcon
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcb-2d9b-11d8-88bc-806d6172696f}\_Autorun\DefaultIcon@ G:\LG.ico
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcc-2d9b-11d8-88bc-806d6172696f}\IDS_LOC_CD1MESSAGE
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcc-2d9b-11d8-88bc-806d6172696f}\IDS_LOC_CD1MESSAGE@ Microsoft AutoRoute is already installed on this computer. To run Microsoft AutoRoute insert the Run Disc. Would you like to reinstall or remove Microsoft AutoRoute?
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcc-2d9b-11d8-88bc-806d6172696f}\IDS_LOC_CD2MESSAGE
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcc-2d9b-11d8-88bc-806d6172696f}\IDS_LOC_CD2MESSAGE@ Microsoft AutoRoute is not installed on your computer. The Run Disc is used only to run this application once it has been installed. To install Microsoft AutoRoute, insert the Setup Disc.
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcc-2d9b-11d8-88bc-806d6172696f}\IDS_LOC_CD2RETAILONTRIAL
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcc-2d9b-11d8-88bc-806d6172696f}\IDS_LOC_CD2RETAILONTRIAL@ You have inserted the Microsoft AutoRoute Run Disc on a machine that has the trial version installed. Please uninstall the trial version and then install the retail version.
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcc-2d9b-11d8-88bc-806d6172696f}\IDS_LOC_NAME
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcc-2d9b-11d8-88bc-806d6172696f}\IDS_LOC_NAME@ Microsoft AutoRoute
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcc-2d9b-11d8-88bc-806d6172696f}\IDS_LOC_SETUPEXE
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcc-2d9b-11d8-88bc-806d6172696f}\IDS_LOC_SETUPEXE@ Setup_AR.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcc-2d9b-11d8-88bc-806d6172696f}\IDS_LOC_TRIALOVERRETAIL
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcc-2d9b-11d8-88bc-806d6172696f}\IDS_LOC_TRIALOVERRETAIL@ Setup has detected an existing version of Microsoft AutoRoute. You cannot install the trial version on a computer that already has the full version installed.
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcc-2d9b-11d8-88bc-806d6172696f}\_Autorun\DefaultIcon@ H:\bootcd\icon.ico
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{460DD938-5FC5-A5FB-D3A2-9B52382FC2F3}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{852928BE-4182-2D36-227C-43DF14250B54}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{852928BE-4182-2D36-227C-43DF14250B54}@oakodmcbmagcnpmcfpbadabphkoaca 0x69 0x61 0x6D 0x62 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{852928BE-4182-2D36-227C-43DF14250B54}@naepfpdlphcdoaobmmcdcokjanep 0x69 0x61 0x6D 0x62 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8906638D-3F40-6F46-4469-CC5DD022F0AF}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8906638D-3F40-6F46-4469-CC5DD022F0AF}@iaaoammeggdicjlkci 0x6A 0x61 0x6D 0x62 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8906638D-3F40-6F46-4469-CC5DD022F0AF}@hacogpceicfchene 0x69 0x61 0x6D 0x62 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8906638D-3F40-6F46-4469-CC5DD022F0AF}@iampicoohemilenikc 0x63 0x61 0x6D 0x62 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C8C2D21C-8D8B-67F3-1FCE-4E8AF254E36D}

---- EOF - GMER 1.0.14 ----

Attached Files
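An added example, not part of the thread and not any poster's code: GMER's `.text` lines in the log above record inline patches to API functions inside user-mode processes, most of them redirecting into the Sophos buffer-overrun DLL or IEFRAME.dll. This Python script groups such lines by the module GMER names as owner of the hook target and lists patches where no owning module is named, using lines copied from that log; the field layout is an assumption inferred from those lines.

```python
"""Triage GMER '.text' (user-mode inline hook) lines by hooking module."""
import ntpath
import re
from collections import Counter

# Lines copied verbatim from the GMER 1.0.14 log posted above.
SAMPLE_LOG = r"""
.text D:\WINDOWS\system32\RUNDLL32.EXE[4968] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 552F7B10 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
? D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[5188] D:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[5188] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [ 70, 11, 41, 35 ]
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 7 Bytes JMP 552F3E00 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 552F7AD0 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F301 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1720 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5464] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 552F7E90 D:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
"""

# Assumed layout: .text <process path>[pid] <module>!<function> [+ offset]
#                 <address> <n> Bytes <patch description>
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<function>\S+)"
    r"(?:\s+\+\s+(?P<offset>[0-9A-F]+))?\s+"
    r"(?P<address>[0-9A-F]{8})\s+(?P<size>\d+)\s+Bytes\s+(?P<patch>.*)$"
)

# Patch description when GMER resolved a redirect:
#   <OPCODE> <target address> <owning module path> (<description/vendor>)
REDIRECT_RE = re.compile(
    r"^(?P<op>[A-Z]+)\s+(?P<target>[0-9A-F]{8})"
    r"(?:\s+(?P<owner>.+?)\s+\((?P<vendor>.*)\))?$"
)


def parse_hook(line):
    """Return a dict for one '.text' hook line, or None for any other line."""
    match = HOOK_RE.match(line.strip())
    if match is None:
        return None
    hook = {
        # ntpath handles Windows paths regardless of the OS running this.
        "process": ntpath.basename(match["process"]),
        "pid": int(match["pid"]),
        "api": f'{match["module"]}!{match["function"]}',
        "size": int(match["size"]),
        "patch": match["patch"].strip(),
        "owner": None,
        "vendor": None,
    }
    redirect = REDIRECT_RE.match(hook["patch"])
    if redirect and redirect["owner"]:
        hook["owner"] = ntpath.basename(redirect["owner"])
        hook["vendor"] = redirect["vendor"]
    return hook


def summarize(log_text):
    """Count hooks per (process, owning module); collect unattributed ones."""
    by_owner = Counter()
    unattributed = []
    for line in log_text.splitlines():
        hook = parse_hook(line)
        if hook is None:
            continue  # section headers, '?' notes, blank lines
        if hook["owner"]:
            by_owner[(hook["process"], hook["owner"])] += 1
        else:
            # Raw bytes or an unresolved target: nothing in the line says
            # which module made the change, so it needs a manual look.
            unattributed.append(hook)
    return by_owner, unattributed


if __name__ == "__main__":
    counts, unknown = summarize(SAMPLE_LOG)
    for (process, owner), n in sorted(counts.items()):
        print(f"{process:14} hooked by {owner:14} x{n}")
    for hook in unknown:
        print(f"{hook['process']}[{hook['pid']}] {hook['api']}: "
              f"{hook['size']} bytes changed, no owner listed ({hook['patch']})")
```

Run over a full log, the per-owner counts make it easy to confirm that the bulk of the hooks belong to installed security products, leaving only the unattributed entries to check by hand.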



#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:13 PM

Posted 11 February 2009 - 05:56 PM

Hello Balta.

There were signs of previous infections.

I see that you are running more than one antivirus program, Kaspersky and Sophos. It is not recommended that you do so. In addition to wasting resources, the programs may detect virus signatures in the other and cause false positives. The different drivers used by the programs can cause crashes.

Please uninstall them until you are only running one antivirus using Add/Remove Programs.

While you are there, please also remove these old versions of Java:
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
J2SE Development Kit 5.0 Update 9

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.

Do not use the NTREGOPT that comes with the installation package.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. If you are using Windows Vista, right click the icon and select "Run As Administrator." Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.


Run Fix with OTScanIt
We will run OTScanIt with directives. If you have lost your copy of OTScanIt, download it here and extract it like you did last time.
  • Double click the OTScanIt.exe icon in the OTScanIt folder on your desktop. If you are using Windows Vista, right click OTScanIt.exe and select Run as Administrator.
  • Copy the contents of the codebox below into the "Paste fix here" box.
    [Win32 Services - Safe List]
    YY -> (I) I [Win32_Own | On_Demand | Stopped] -> 
    YY -> (JDMJB) JDMJB [Win32_Own | On_Demand | Stopped] -> 
    YY -> (PQ) PQ [Win32_Own | On_Demand | Stopped] -> 
    [Registry - Safe List]
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> "UnlockerAssistant" -> %ProgramFiles%\Unlocker\UnlockerAssistant.exe ["D:\Program Files\Unlocker\UnlockerAssistant.exe"]
  • Close all windows except OTScanIt.
  • Click the Run Fix button.
When the fix is completed a message box will pop up either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click OK and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt2 will finish moving any files that could not be moved during the fix. Notepad will open with the final results at that time. Post that log back here in your next reply.

Please post back with:
-the OTScanIt fix log
-a new OTScanIt scan log.

Please give me an update on the symptoms.

With Regards,
The Panda

#5 Balta

Posted 11 February 2009 - 07:14 PM

Ok, I deleted Sophos (it was a trial, just to see if I get anything that Kaspersky was not detecting).

I deleted all the others you mention except "J2SE Runtime Environment 5.0 Update 6", which gives an error:

"Error applying transforms. Verify that the specified transform paths are valid."


Then I installed the registry backup tool like you specified and also applied the copy/paste for the fix in OTScanIt.

Here is the OTScanIt fix log:

[Win32 Services - Safe List]
Service I stopped successfully!
Service I deleted successfully!
File not found.
Service JDMJB stopped successfully!
Service JDMJB deleted successfully!
File not found.
Service PQ stopped successfully!
Service PQ deleted successfully!
File not found.
[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\UnlockerAssistant deleted successfully.
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.7.1 fix logfile created on 02112009_235211


Also included is a new OTScanIt scan log file.


Symptoms:

- Right click on any drive and use format still not working (no window pops up or any kind of error/message)
- New problem, "Windows Security Center" shows an icon reporting that I have any antivirus software installed and I have Kaspersky installed and updated.
I found out that if I restart the "Security Center" service this problem disappears, but reappears on every reboot again.

Attached Files



#6 PropagandaPanda

Posted 11 February 2009 - 08:43 PM

Hello.

Let's try uninstalling and reinstalling the Service Pack 3 using Add/Remove Programs.

After uninstalling, reinstall using Windows Update.

With Regards,
The Panda

#7 Balta

Posted 12 February 2009 - 05:49 AM

Arrrgghhhhh !!!

I got some errors at the end of removing SP3, like it cannot copy some files.
I think these were a few of the files..
wmlayer.exe
pimball.exe
scvhelp.exe
... other help files, since they didn't look important I skipped them so the SP3 removal went all the way.


BIG problem now, computer doesn't start, keeps rebooting on the Windows logo screen more or less after the keyboard lights blink...

Safe mode works without problems.

Going to be difficult and slower now, since I have to use a friend's computer to come here to the forum, so I need a solution so my own boots and he can go normally. If you are available I can hold here all this morning until lunch hour.

I have an original Windows XP Pro SP3 install CD, should I use it and do a Windows repair install, so like that we have back the SP3 and keep all my programs and stuff like it was before, or do you have another and better solution?

Thanks and sorry, but I'm really desperate right now...

Edited by Balta, 12 February 2009 - 05:52 AM.


#8 PropagandaPanda

Posted 12 February 2009 - 08:16 AM

Hello Balta.

If SP3 installed incompletely, you can try to remove it again using Add/Remove Programs.

With Regards,
The Panda

#9 Balta

Posted 12 February 2009 - 08:28 AM

No, you didn't understand, SP3 was removed with those errors I mention.

After the reboot he asks and now the computer cannot boot, keeps rebooting like I said.


How can I reinstall SP3 if only safe mode works?

My idea, and that's what I also asked before, is:
can I do a Windows repair install? I have the Windows Pro SP3 original CD to do that...

Or is there another solution to have the SP3 or the computer booting back normally?

Edited by Balta, 12 February 2009 - 09:04 AM.


#10 PropagandaPanda

Posted 12 February 2009 - 12:07 PM

Hello.

Let's try using the system restore. Referring to this guide, restore to the last point before uninstalling SP3.

With Regards,
The Panda

Edited by PropagandaPanda, 12 February 2009 - 12:08 PM.


#11 Balta

Posted 12 February 2009 - 12:26 PM

Sorry, either my PM didn't arrive to you or you are not reading correctly what I said...

I can't boot any longer in normal or safe mode, because of the repair install I tried on top, so no way of reaching the restore tool...


:thumbup2:

UPDATE:
Managed to get safe mode working again using these steps: http://techrepublic.com.com/5208-7343-0.ht...ssageID=2585473

Booting in safe mode, any restore point I choose always gives the same error on normal booting and stays again rebooting after rebooting.
Getting into safe mode again, the restore tool says it can't restore to that point, no changes were made to the computer.

Edited by Balta, 12 February 2009 - 01:54 PM.


#12 PropagandaPanda

Posted 12 February 2009 - 03:08 PM

Hello.

Please give me some time to look this over.

With Regards,
The Panda

Edited by PropagandaPanda, 12 February 2009 - 03:24 PM.


#13 Balta

Posted 12 February 2009 - 03:26 PM

Yes I can, but what is the idea after that?

Sorry for the PMs, but I'm really desperate, losing all work and staying one day not working and probably also tomorrow is killing me !!!

#14 PropagandaPanda

Posted 12 February 2009 - 03:31 PM

Hello.

Let's try to restore from the ERUNT backup.

Boot into the recovery console in the CD.
  • Type in the number of the Windows installation you want to repair (usually 1), then press Enter.
  • Type in the Administrator password (leave blank if you are unsure what it is or if you do not have one) and press Enter.
  • Type without quotes "cd erdnt" followed by Enter.
  • Type without quotes "dir" followed by Enter. This will list out the available folders, whose names are the date on which the backup was taken in (M)M-DD-YYYY format. Try the most recent dates first.
  • Type without quotes "cd **name of the folder**" followed by Enter.
  • Type without quotes "batch erdnt.con" followed by Enter.
  • Type without quotes "exit" followed by Enter.
  • Remove your CD from the drive and reboot your computer into the restored registry.
Tell me how it goes.

With Regards,
The Panda

#15 Balta

Posted 12 February 2009 - 03:47 PM

Ok, the only dir with dates available was "11-02-2009"

but inside, after doing the "batch erdnt.con", I got 10 lines between a space line saying: Access is denied.

I think he didn't restore anything... what now?


UPDATE: I tried booting using debug mode after F8 and I always got a blue screen with this error:

irql_not_less_or_equal 0x0000000a (0xfffffffb,.... etc

Edited by Balta, 12 February 2009 - 03:51 PM.




