Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

troj/TDL3MEM-A


  • This topic is locked This topic is locked
3 replies to this topic

#1 flyoverfred

flyoverfred

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 26 July 2010 - 02:44 PM

Hi,

My sophos has picked up troj/TDL3MEM-A affecting various ntdll.dll:pid etc etc - i have copied my log from GMER please help !

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-26 14:17:24
Windows 5.1.2600 Service Pack 3
Running: 5ib1o27t.exe; Driver: C:\DOCUME~1\AIDYAD~1\LOCALS~1\Temp\awgorfod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwCreateKey [0xB6FF803E]
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwCreateThread [0xB6FF85B4]
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwDeleteKey [0xB6FF8194]
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwSetSystemInformation [0xB6FF88F6]
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwSetValueKey [0xB6FF81FA]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9727360, 0x300037, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[232] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00399DE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003A0260 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0039FFE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 003A01C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 003A01A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 003A0120 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 003A0100 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 003A00E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 003A0240 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003A0000 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 003A0E40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 003A0080 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 003A0140 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 003A0060 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 003A00C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 003A0200 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 003A0040 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 003A0020 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 003A0160 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 003A00A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 003A0220 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003A01E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 003A0180 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 003A02E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 003A02C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 003A0280 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 003A02A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 003A0380 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] WS2_32.dll!bind 71AB4480 5 Bytes JMP 003A0360 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 003A03A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] WS2_32.dll!send 71AB4C27 5 Bytes JMP 003A0420 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] WS2_32.dll!recv 71AB676F 5 Bytes JMP 003A0400 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 003A0320 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 003A0300 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 003A03E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 003A03C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] WS2_32.dll!accept 71AC1040 5 Bytes JMP 003A0340 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00399DE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003A0260 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0039FFE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 003A01C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 003A01A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 003A0120 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 003A0100 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 003A00E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 003A0240 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003A0000 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 003A0E40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 003A0080 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 003A0140 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 003A0060 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 003A00C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 003A0200 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 003A0040 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 003A0020 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 003A0160 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 003A00A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 003A0220 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003A01E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 003A0180 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 003A0380 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] WS2_32.dll!bind 71AB4480 5 Bytes JMP 003A0360 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 003A03A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] WS2_32.dll!send 71AB4C27 5 Bytes JMP 003A0420 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] WS2_32.dll!recv 71AB676F 5 Bytes JMP 003A0400 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 003A0320 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 003A0300 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 003A03E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 003A03C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] WS2_32.dll!accept 71AC1040 5 Bytes JMP 003A0340 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 003A02E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 003A02C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 003A0280 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[636] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 003A02A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00399DE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003A0260 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0039FFE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 003A01C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 003A01A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 003A0120 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 003A0100 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 003A00E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 003A0240 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003A0000 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 003A0E40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 003A0080 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 003A0140 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 003A0060 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 003A00C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 003A0200 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 003A0040 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 003A0020 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 003A0160 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 003A00A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 003A0220 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003A01E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 003A0180 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 003A02E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 003A02C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 003A0280 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 003A02A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 003A0380 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] WS2_32.dll!bind 71AB4480 5 Bytes JMP 003A0360 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 003A03A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] WS2_32.dll!send 71AB4C27 5 Bytes JMP 003A0420 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] WS2_32.dll!recv 71AB676F 5 Bytes JMP 003A0400 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 003A0320 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 003A0300 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 003A03E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 003A03C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[796] WS2_32.dll!accept 71AC1040 5 Bytes JMP 003A0340 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00399DE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003A0260 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0039FFE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 003A01C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 003A01A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 003A0120 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 003A0100 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 003A00E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 003A0240 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003A0000 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 003A0E40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 003A0080 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 003A0140 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 003A0060 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 003A00C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 003A0200 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 003A0040 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 003A0020 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 003A0160 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 003A00A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 003A0220 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003A01E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 003A0180 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 003A02E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 003A02C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 003A0280 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 003A02A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 003A0380 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] WS2_32.dll!bind 71AB4480 5 Bytes JMP 003A0360 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 003A03A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] WS2_32.dll!send 71AB4C27 5 Bytes JMP 003A0420 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] WS2_32.dll!recv 71AB676F 5 Bytes JMP 003A0400 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 003A0320 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 003A0300 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 003A03E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 003A03C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[860] WS2_32.dll!accept 71AC1040 5 Bytes JMP 003A0340 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[940] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0072000A
.text C:\WINDOWS\System32\svchost.exe[940] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0073000A
.text C:\WINDOWS\System32\svchost.exe[940] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 0071000A
.text C:\WINDOWS\System32\svchost.exe[940] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003A0260 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[940] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00E1000A
.text C:\WINDOWS\Explorer.EXE[1288] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C3000A
.text C:\WINDOWS\Explorer.EXE[1288] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C4000A
.text C:\WINDOWS\Explorer.EXE[1288] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 0099000A
.text C:\WINDOWS\Explorer.EXE[1288] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003B0260 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00399DE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003A0260 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0039FFE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 003A01C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 003A01A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 003A0120 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 003A0100 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 003A00E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 003A0240 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003A0000 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 003A0E40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 003A0080 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 003A0140 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 003A0060 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 003A00C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 003A0200 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 003A0040 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 003A0020 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 003A0160 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 003A00A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 003A0220 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003A01E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 003A0180 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1520] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 003A02E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1520] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 003A02C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1520] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 003A0280 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1520] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 003A02A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00399DE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003A0260 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0039FFE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 003A01C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 003A01A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 003A0120 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 003A0100 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 003A00E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 003A0240 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003A0000 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 003A0E40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 003A0080 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 003A0140 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 003A0060 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 003A00C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 003A0200 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 003A0040 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 003A0020 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 003A0160 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 003A00A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 003A0220 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003A01E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 003A0180 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 003A02E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 003A02C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 003A0280 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 003A02A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 003A0380 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] WS2_32.dll!bind 71AB4480 5 Bytes JMP 003A0360 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 003A03A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] WS2_32.dll!send 71AB4C27 5 Bytes JMP 003A0420 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] WS2_32.dll!recv 71AB676F 5 Bytes JMP 003A0400 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 003A0320 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 003A0300 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 003A03E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 003A03C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1572] WS2_32.dll!accept 71AC1040 5 Bytes JMP 003A0340 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00399DE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003A0260 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0039FFE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 003A01C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 003A01A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 003A0120 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 003A0100 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 003A00E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 003A0240 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003A0000 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 003A0E40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 003A0080 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 003A0140 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 003A0060 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 003A00C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 003A0200 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 003A0040 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 003A0020 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 003A0160 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 003A00A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 003A0220 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003A01E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 003A0180 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 003A02E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 003A02C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 003A0280 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 003A02A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 003A0380 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] WS2_32.dll!bind 71AB4480 5 Bytes JMP 003A0360 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 003A03A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] WS2_32.dll!send 71AB4C27 5 Bytes JMP 003A0420 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] WS2_32.dll!recv 71AB676F 5 Bytes JMP 003A0400 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 003A0320 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 003A0300 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 003A03E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 003A03C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1648] WS2_32.dll!accept 71AC1040 5 Bytes JMP 003A0340 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3216] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 003A9DE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3216] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003B0260 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3216] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 003AFFE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3216] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 003B01C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3216] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 003B01A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3216] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 003B0120 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3216] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 003B0100 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3216] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 003B00E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3216] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 003B0240 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3216] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003B0000 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3216] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 003B0E40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3216] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 003B0080 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3216] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 003B0140 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3216] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 003B0060 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3216] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 003B00C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3216] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 003B0200 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3216] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 003B0040 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3216] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 003B0020 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3216] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 003B0160 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3216] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 003B00A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3216] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 003B0220 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3216] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003B01E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3216] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 003B0180 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3216] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 003B02E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3216] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 003B02C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3216] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 003B0280 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3216] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 003B02A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)

---- EOF - GMER 1.0.15 ----

I also ran OLT:

OTL Extras logfile created on: 26/07/2010 19:03:55 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\aidyadmin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 180.98 Gb Free Space | 77.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 89.61 Gb Free Space | 38.48% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AIDY-0C17CF2F78
Current User Name: aidyadmin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Disabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Kinetic\BaseStation\BaseStation.exe" = C:\Program Files\Kinetic\BaseStation\BaseStation.exe:*:Enabled:BaseStation -- (Kinetic Avionic Products Ltd)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- File not found
"C:\Documents and Settings\All Users\Start Menu\Programs\Whistle.exe" = C:\Documents and Settings\All Users\Start Menu\Programs\Whistle.exe:*:Enabled:Whistle -- (Vail Systems, Inc.)
"C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe" = C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe:*:Enabled:Adobe Photoshop CS3 -- (Adobe Systems, Incorporated)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Disabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A60AA2B-474C-4B0F-BCB3-CDDBD0781536}" = SBS-resources
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{314F6D08-A8B7-11D8-8446-0050BA1D384D}" = EPSON Image Clip Palette
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{390B7821-3CDE-4579-B940-B0A06B86136A}" = Topaz Denoise 3
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{53DFE713-4D22-4D98-9DB1-833EB5A623E0}" = Whistle
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5D942FCB-4FE2-4843-9A53-F23D1CCC9213}" = BaseStation
"{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}" = EPSON Easy Photo Print
"{5E684419-44E3-46EE-A43C-A60082CBF4EC}" = Topaz Adjust 3
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7148F0A8-6813-11D6-A77B-00B0D0142190}" = Java 2 Runtime Environment, SE v1.4.2_19
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94ACDCB3-919D-4428-A2CE-538193CAAF17}_is1" = BSAlert V4.9.5
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BCFFAF65-50B7-4419-AFCA-A7BA797E2C3D}" = Topaz ReMask 2
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DBDFA37B-CFC7-4C37-98F8-04CF326CD327}_is1" = FlashFXP v3
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F24892EF-1800-494E-9AE4-0A9F5AC1A73E}" = SBS-resources
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD1F68EC-75DA-55F4-E2D2-94BE450C0368}" = ATI Catalyst Install Manager
"2DC0AA065FA83047D7ECD51C7000C1620D79A4C5" = Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
"51A4D522DD31538335EF5736F0E7F588C70BCB12" = Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Color Efex Pro 3.0 Complete" = Color Efex Pro 3.0 Complete
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dfine 2.0" = Dfine 2.0
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESDX4800_4200 User's Guide" = ESDX4800_4200 User's Guide
"ie8" = Windows Internet Explorer 8
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Logitech Print Service" = Logitech Print Service
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"Power Retouche Retouching Suite" = Power Retouche Retouching Suite
"QcDrv" = Logitech® Camera Driver
"RealPlayer 12.0" = RealPlayer
"Sharpener Pro 3.0" = Sharpener Pro 3.0
"Silver Efex Pro" = Silver Efex Pro
"SpywareBlaster_is1" = SpywareBlaster 4.3
"ST6UNST #1" = Airline Data Unlimited
"ST6UNST #2" = Airline Data Unlimited (C:\Program Files\Airline Data Unlimited\)
"ST6UNST #3" = ADU Software SBS Utility
"SystemRequirementsLab" = System Requirements Lab
"Wacom Tablet Driver" = Wacom Tablet
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2e1eacbdaa3f726e" = SBSPopulate
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/07/2010 00:06:12 | Computer Name = AIDY-0C17CF2F78 | Source = Sophos Anti-Virus | ID = 131078
Description = E_FAILURE. CManager::Unregister in the ComponentManager component encountered
a catastrophic error that it could not recover from.

Error - 26/07/2010 00:06:12 | Computer Name = AIDY-0C17CF2F78 | Source = Sophos Anti-Virus | ID = 131078
Description = E_FAILURE. CManager::TriggerShutdown in the ComponentManager component
encountered a catastrophic error that it could not recover from.

Error - 26/07/2010 13:33:08 | Computer Name = AIDY-0C17CF2F78 | Source = Google Update | ID = 20
Description =

Error - 26/07/2010 14:33:13 | Computer Name = AIDY-0C17CF2F78 | Source = Google Update | ID = 20
Description =

Error - 26/07/2010 16:00:37 | Computer Name = AIDY-0C17CF2F78 | Source = ESENT | ID = 488
Description = wlcomm (180) An attempt to create the file "C:\Documents and Settings\aidyadmin\Local
Settings\Application Data\Microsoft\Windows Live Contacts\{b0ea5c93-ea6a-48dd-b82f-4fb8b4ba4264}\DBStore\contacts.pat"
failed with system error 5 (0x00000005): "Access is denied. ". The create file
operation will fail with error -1032 (0xfffffbf8).

Error - 26/07/2010 16:00:37 | Computer Name = AIDY-0C17CF2F78 | Source = ESENT | ID = 217
Description = wlcomm (180) Error (-1032) during backup of a database (file C:\Documents
and Settings\aidyadmin\Local Settings\Application Data\Microsoft\Windows Live Contacts\{b0ea5c93-ea6a-48dd-b82f-4fb8b4ba4264}\DBStore\contacts.edb).
The database will be unable to restore.

Error - 26/07/2010 16:00:37 | Computer Name = AIDY-0C17CF2F78 | Source = ESENT | ID = 215
Description = wlcomm (180) C:\Documents and Settings\aidyadmin\Local Settings\Application
Data\Microsoft\Windows Live Contacts\{b0ea5c93-ea6a-48dd-b82f-4fb8b4ba4264}\: The
backup has been stopped because it was halted by the client or the connection with
the client failed.

Error - 26/07/2010 16:00:39 | Computer Name = AIDY-0C17CF2F78 | Source = ESENT | ID = 488
Description = wlcomm (180) An attempt to create the file "C:\Documents and Settings\aidyadmin\Local
Settings\Application Data\Microsoft\Windows Live Contacts\{440721d6-afa6-43fb-ae97-722467ddccd9}\DBStore\contacts.pat"
failed with system error 5 (0x00000005): "Access is denied. ". The create file
operation will fail with error -1032 (0xfffffbf8).

Error - 26/07/2010 16:00:39 | Computer Name = AIDY-0C17CF2F78 | Source = ESENT | ID = 217
Description = wlcomm (180) Error (-1032) during backup of a database (file C:\Documents
and Settings\aidyadmin\Local Settings\Application Data\Microsoft\Windows Live Contacts\{440721d6-afa6-43fb-ae97-722467ddccd9}\DBStore\contacts.edb).
The database will be unable to restore.

Error - 26/07/2010 16:00:39 | Computer Name = AIDY-0C17CF2F78 | Source = ESENT | ID = 215
Description = wlcomm (180) C:\Documents and Settings\aidyadmin\Local Settings\Application
Data\Microsoft\Windows Live Contacts\{440721d6-afa6-43fb-ae97-722467ddccd9}\: The
backup has been stopped because it was halted by the client or the connection with
the client failed.

[ System Events ]
Error - 03/07/2010 19:04:42 | Computer Name = AIDY-0C17CF2F78 | Source = SAVOnAccessFilter | ID = 3997749
Description = The on-access driver failed to attach to \Device\ADVirtualDisk\Volume,
because the I/O method is not supported.

Error - 04/07/2010 10:08:49 | Computer Name = AIDY-0C17CF2F78 | Source = SAVOnAccessFilter | ID = 3997749
Description = The on-access driver failed to attach to \Device\ADVirtualDisk\Volume,
because the I/O method is not supported.

Error - 04/07/2010 18:42:23 | Computer Name = AIDY-0C17CF2F78 | Source = SAVOnAccessFilter | ID = 3997749
Description = The on-access driver failed to attach to \Device\ADVirtualDisk\Volume,
because the I/O method is not supported.

Error - 05/07/2010 03:13:50 | Computer Name = AIDY-0C17CF2F78 | Source = SAVOnAccessFilter | ID = 3997749
Description = The on-access driver failed to attach to \Device\ADVirtualDisk\Volume,
because the I/O method is not supported.

Error - 05/07/2010 11:04:30 | Computer Name = AIDY-0C17CF2F78 | Source = SAVOnAccessFilter | ID = 3997749
Description = The on-access driver failed to attach to \Device\ADVirtualDisk\Volume,
because the I/O method is not supported.

Error - 05/07/2010 16:19:20 | Computer Name = AIDY-0C17CF2F78 | Source = SAVOnAccessFilter | ID = 3997749
Description = The on-access driver failed to attach to \Device\ADVirtualDisk\Volume,
because the I/O method is not supported.

Error - 05/07/2010 16:28:50 | Computer Name = AIDY-0C17CF2F78 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 05/07/2010 16:30:07 | Computer Name = AIDY-0C17CF2F78 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips Processor SAVOnAccessControl SAVOnAccessFilter

Error - 05/07/2010 16:32:42 | Computer Name = AIDY-0C17CF2F78 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 05/07/2010 16:34:10 | Computer Name = AIDY-0C17CF2F78 | Source = SAVOnAccessFilter | ID = 3997749
Description = The on-access driver failed to attach to \Device\ADVirtualDisk\Volume,
because the I/O method is not supported.


< End of report >

Merged posts. ~ OB

Edited by Orange Blossom, 27 July 2010 - 07:44 PM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:50 PM

Posted 05 August 2010 - 01:21 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.
  1. Do not run any other tool untill instructed to do so!
  2. Please Do not Attach logs or put in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


MBRCheck

Please also download MBRCheck to your desktop
  • Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
  • It will show a Black screen with some data on it
  • a report called MBRcheck will be on your desktop
  • open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • now please copy that report to this thread


information and logs:
    In your next post I need the following
      1.logs from DDS
      2.log from RKUnHooker
      3. report from MBRchecker
      4.let me know of any problems you may have had

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:50 PM

Posted 08 August 2010 - 02:27 AM

Hello

three day bump

It has been Three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:50 PM

Posted 11 August 2010 - 12:13 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users