
Possibly DHL email Infected Computer


This topic is locked
7 replies to this topic

#1 Smitty Blake

Posted 09 September 2011 - 12:14 PM

DDS.txt and ARK.txt are as follows; ATTACH.txt is attached.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Al Campbell at 11:39:44 on 2011-09-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.692 [GMT -5:00]
.
AV: Sophos Anti-Virus *Enabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\cisvc.exe
c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sophos\AutoUpdate\almon.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Runtime Software\DriveImage XML\dixml.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Runtime Software\DriveImage XML\dixml.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\McAfee Security Scan\2.0.181\McUICnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\real\realplayer\update\realsched.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://msn.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dellnet.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;hxxp://localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - No File
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: {2C0A5F28-48D8-408B-9172-9C6121025BCE} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Dlitamu] rundll32.exe "c:\windows\MDRCMVET.dll",Startup
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRunOnce: [RealPlayer_update] c:\program files\america online 9.0\jiti\Real9_codec_upd.exe restart
dRun: [SvrWsc]
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mobile~1.lnk - c:\program files\watchguard\mobile user vpn\SafeCfg.exe
mPolicies-explorer: <NO NAME> =
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\documents and settings\all users\application data\sophos web intelligence\swi_lsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Netilla App Component 3.4 - hxxps://www.womansonline.com/tarantella/java/ttaC-du.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://files.authentium.com/espc/27863/bin/wizard.exe
DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} - hxxp://o.aolcdn.com/pictures/ap/Resources/2.2.0.51g/cab/aolpPlugins.10.4.0.2.cab
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204765915907
DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} - hxxp://pictures.aolcdn.com/ap/Resources/1.0.2.19.b//cab/YgpUploader.9.3.2.3.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} - file:///C:/Documents%20and%20Settings/Al%20Campbell/Application%20Data/Smilebox/OzDesktopImporter.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://sympatico.zone.msn.com/bingame/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.124.193.100 209.124.193.101
TCP: Interfaces\{C0C7F4E7-6141-44BF-8D48-540CCF74A203} : DhcpNameServer = 209.124.193.100 209.124.193.101
AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\al campbell\application data\mozilla\firefox\profiles\u2567shn.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2007-8-21 3968]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2010-11-11 153344]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2010-11-11 24064]
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [2011-5-14 521786]
R2 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [2011-5-14 119864]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-10-8 163056]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-6-14 97520]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-9-21 230640]
R2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2010-10-8 1541360]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [2011-5-14 36188]
S2 gupdate1ca35a32b01749c;Google Update Service (gupdate1ca35a32b01749c);c:\program files\google\update\GoogleUpdate.exe [2009-9-14 133104]
S2 SvrWsc;Windows Security Center Service;"c:\windows\system32\svrwsc.exe" --> c:\windows\system32\svrwsc.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-14 133104]
S3 IKFileFlt;File Filter Driver;c:\windows\system32\drivers\ikfileflt.sys [2007-4-7 39248]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2007-4-7 52304]
S3 IkSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2007-4-7 59472]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2007-4-7 83536]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S4 sdAuxService;Spyware Doctor Auxiliary Service;c:\program files\spyware doctor\svcntaux.exe [2007-4-7 707080]
S4 sdCoreService;Spyware Doctor Service;c:\program files\spyware doctor\swdsvc.exe [2007-4-7 1302272]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2010-11-11 14976]
.
=============== Created Last 30 ================
.
2011-09-03 13:02:25 -------- d-----w- c:\documents and settings\al campbell\application data\Research In Motion
2011-09-02 18:47:10 -------- d-----w- c:\program files\Runtime Software
2011-09-02 17:46:38 -------- d-----w- c:\windows\system32\NtmsData
2011-09-01 16:23:13 -------- d-----w- c:\documents and settings\all users\application data\TomTom
2011-09-01 16:16:09 -------- d-----w- c:\program files\TomTom International B.V
2011-09-01 16:15:49 -------- d-----w- c:\program files\TomTom HOME 2
2011-09-01 00:12:38 -------- d-----w- c:\documents and settings\all users\application data\Research In Motion
2011-09-01 00:12:07 -------- d-----w- c:\program files\common files\Research In Motion
2011-08-31 13:39:43 -------- d-----w- c:\windows\system32\XPSViewer
2011-08-31 13:38:55 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-08-31 13:36:39 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-08-31 13:36:39 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-08-31 13:36:39 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-08-31 13:36:39 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-08-31 13:36:39 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-08-31 13:36:39 117760 ------w- c:\windows\system32\prntvpt.dll
2011-08-31 13:36:38 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-08-31 13:36:38 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2011-08-31 13:36:35 -------- d-----w- C:\38cca8a0638becd740
2011-08-29 13:02:35 256 ----a-w- c:\windows\system32\pool.bin
2011-08-29 12:48:17 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2011-08-29 12:46:49 -------- d-----w- c:\program files\Research In Motion
2011-08-16 00:06:39 0 ---ha-w- c:\documents and settings\al campbell\local settings\application data\BITD.tmp
2011-08-11 15:57:09 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-11 15:56:32 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
.
==================== Find3M ====================
.
2011-08-28 12:07:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 11:41:20.21 ===============




GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-09 12:05:58
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1200JB-75CRA0 rev.16.06V16
Running: gmer.exe; Driver: C:\DOCUME~1\ALCAMP~1\LOCALS~1\Temp\awdyapod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwClose [0xB659BA1C]
SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwCreateDirectoryObject [0xB659BA48]
SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwCreateFile [0xB659BA7C]
SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwCreateKey [0xB659BAD0]
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwCreateThread [0xB851A8A4]
SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwDeleteKey [0xB659BB14]
SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwEnumerateKey [0xB659BB40]
SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwEnumerateValueKey [0xB659BB80]
SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwFlushKey [0xB659BBC0]
SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwMakeTemporaryObject [0xB659BBEC]
SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwMapViewOfSection [0xB659BC18]
SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwOpenKey [0xB659BC68]
SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwOpenSection [0xB659BC9C]
SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwQueryInformationFile [0xB659BCD0]
SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwQueryKey [0xB659BD0C]
SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwQueryValueKey [0xB659BD48]
SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwReadFile [0xB659BD88]
SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwSetInformationFile [0xB659BDD4]
SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwSetInformationThread [0xB659BE10]
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwSetSystemInformation [0xB851ABCE]
SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwSetValueKey [0xB659BE48]
SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwUnmapViewOfSection [0xB659BE88]
SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwWriteFile [0xB659BEB8]

Code 8A3B2898 ZwDuplicateObject
Code 8A034BF8 ZwSetInformationFile
Code 8A1A3930 ZwWriteFile
Code 8A3B2897 NtDuplicateObject
Code 8A034BF7 NtSetInformationFile
Code 8A1A392F NtWriteFile

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 148 804E27B4 2 Bytes [14, BB] {ADC AL, 0xbb}
.text ntoskrnl.exe!_abnormal_termination + 14B 804E27B7 1 Byte [B6]
.text ntoskrnl.exe!_abnormal_termination + 189 804E27F5 1 Byte [BB]
.text ntoskrnl.exe!_abnormal_termination + 189 804E27F5 3 Bytes [BB, 59, B6]
.text ntoskrnl.exe!_abnormal_termination + 229 804E2895 3 Bytes [BC, 59, B6]
PAGE ntoskrnl.exe!ZwQueryPerformanceCounter + 590 80567AE8 7 Bytes JMP 8A4699CC
PAGE ntoskrnl.exe!FsRtlCurrentBatchOplock + 28D 8056F70A 7 Bytes JMP 8A49F64C
PAGE ntoskrnl.exe!NtDuplicateObject 805748C2 7 Bytes JMP 8A3B289C
PAGE ntoskrnl.exe!NtSetInformationFile 8057C641 5 Bytes JMP 8A034BFC
PAGE ntoskrnl.exe!NtWriteFile 8057C8ED 7 Bytes JMP 8A1A3934
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB9B2A340, 0x121A5F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012380, 0x25BA81, 0xF8000020]
PAGE Fastfat.SYS B62129C8 7 Bytes JMP 89DE1EEC
? C:\DOCUME~1\ALCAMP~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[664] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00379E20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[664] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0037FB20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[664] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0037F8A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[664] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0037FA80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[664] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0037FA60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[664] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0037F9E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[664] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0037F9C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[664] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0037F9A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[664] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0037FB00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[664] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0037F8C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[664] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 00380700 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[664] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0037F940 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[664] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0037FA00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[664] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0037F920 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[664] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0037F980 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[664] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0037FAC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[664] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0037F900 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[664] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0037F8E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[664] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0037FA20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[664] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0037F960 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[664] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0037FAE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[664] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0037FAA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[664] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0037FA40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00379E20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0037FB20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0037F8A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0037FA80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0037FA60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0037F9E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0037F9C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0037F9A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0037FB00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0037F8C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 00380700 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0037F940 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0037FA00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0037F920 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0037F980 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0037FAC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0037F900 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0037F8E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0037FA20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0037F960 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0037FAE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0037FAA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0037FA40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0037FC40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] WS2_32.dll!bind 71AB4480 5 Bytes JMP 0037FC20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 0037FC60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0037FCE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0037FCC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 0037FBE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 0037FBC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 0037FCA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] WS2_32.dll!getpeername 71AC0B68 3 Bytes JMP 0037FC80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] WS2_32.dll!getpeername + 4 71AC0B6C 1 Byte [8E]
.text C:\WINDOWS\system32\lsass.exe[1004] WS2_32.dll!accept 71AC1040 3 Bytes JMP 0037FC00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1004] WS2_32.dll!accept + 4 71AC1044 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1152] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00379E20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1152] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0037FB20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0037F8A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0037FB20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0037F8A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0037FA80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0037FA60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0037F9E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0037F9C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0037F9A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0037FB00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0037F8C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 00380700 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0037F940 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0037FA00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0037F920 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0037F980 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0037FAC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0037F900 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0037F8E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0037FA20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0037F960 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0037FAE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0037FAA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0037FA40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 0037FBA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 0037FB80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 0037FB40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 0037FB60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0037FC40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] WS2_32.dll!bind 71AB4480 5 Bytes JMP 0037FC20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 0037FC60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0037FCE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0037FCC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 0037FBE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 0037FBC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 0037FCA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] WS2_32.dll!getpeername 71AC0B68 3 Bytes JMP 0037FC80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] WS2_32.dll!getpeername + 4 71AC0B6C 1 Byte [8E]
.text C:\WINDOWS\System32\svchost.exe[1956] WS2_32.dll!accept 71AC1040 3 Bytes JMP 0037FC00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1956] WS2_32.dll!accept + 4 71AC1044 1 Byte [8E]
.text C:\Program Files\real\realplayer\update\realsched.exe[3016] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\WINDOWS\Explorer.EXE[3948] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00389E20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0038FB20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0038F8A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0038FA80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0038FA60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0038F9E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0038F9C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0038F9A0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0038FB00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0038F8C0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 00390700 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0038FA00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0038F920 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0038F980 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0038FAC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0038F900 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0038F8E0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0038FA20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0038F960 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0038FAE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0038FAA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0038FA40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 0038FBA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 0038FB80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 0038FB40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 0038FB60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0038FC40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] WS2_32.dll!bind 71AB4480 5 Bytes JMP 0038FC20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 0038FC60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0038FCE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0038FCC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 0038FBE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 0038FBC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 0038FCA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 0038FC80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3948] WS2_32.dll!accept 71AC1040 5 Bytes JMP 0038FC00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)

Device \FileSystem\Fastfat \FatCdrom Code 89DE1EE8
Device \FileSystem\Fastfat \Fat Code 89DE1EE8

AttachedDevice \FileSystem\Fastfat \Fat savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)

---- EOF - GMER 1.0.15 ----


#2 nasdaq

  • Malware Response Team
  • 38,950 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:11 AM

Posted 14 September 2011 - 09:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

uInternet Settings,ProxyOverride = 127.0.0.1;hxxp://localhost

Remove the proxy settings.

In Internet Explorer go to Tools - Internet Options - Connections Tab - Lan Settings and remove the reference uInternet Settings,ProxyOverride = 127.0.0.1;hxxp://localhost if found, then uncheck "Use a proxy server" and check "Automatically detect settings".
===

If you use Firefox in Tools Menu > Options... > Advanced Tab > Network Tab > Connection > Settings. Select the Auto-detect proxy settings for this network option.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs for my review.

#3 Smitty Blake

  • Topic Starter
  • Members
  • 59 posts
  • Local time:03:11 AM

Posted 14 September 2011 - 02:18 PM

ComboFix 11-09-14.02 - Al Campbell 09/14/2011 12:54:05.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.895 [GMT -5:00]
Running from: c:\documents and settings\Al Campbell\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Al Campbell\Local Settings\Application Data\{E954F81B-0310-4151-AFF8-69B707658ECA}
c:\documents and settings\Al Campbell\Local Settings\Application Data\{E954F81B-0310-4151-AFF8-69B707658ECA}\chrome.manifest
c:\documents and settings\Al Campbell\Local Settings\Application Data\{E954F81B-0310-4151-AFF8-69B707658ECA}\chrome\content\_cfg.js
c:\documents and settings\Al Campbell\Local Settings\Application Data\{E954F81B-0310-4151-AFF8-69B707658ECA}\chrome\content\overlay.xul
c:\documents and settings\Al Campbell\Local Settings\Application Data\{E954F81B-0310-4151-AFF8-69B707658ECA}\install.rdf
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\AlertView.exe.8de2ebce.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\AllertEula.exe.561b80e6.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\ClientApplicationFramework.exe.3ead1c54.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\DA_PASlog.exe.266217b1.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\DAExec.exe.2da68fa3.ini.inuse
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\DAExec.exe.47ddb521.ini.inuse
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\DFolder.exe.368dcbb5.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\DNgen.exe.516df7ac.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\DReg1.exe.2e6500e7.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\DS_PASlog.exe.5c97331f.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\ExpEval21.exe.8f3e9125.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\GUI.exe.5d8cc523.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\GUI.exe.62a22b57.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\GUI.exe.f0196921.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\ISCallingDLL.exe.7c210265.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\MSI388.tmp.441d382b.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\Ngen.exe.89f695a3.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\NotifyAlert.exe.83a8f8c0.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\NotifyAlert.exe.83a8f8c0.ini.inuse
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\PolMigrate.exe.48b82cc6.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\prstp.exe.a15f4573.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\rng.exe.ac4aa698.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\SL2F6.tmp.167a15fd.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\SL312.tmp.45c3666f.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\ssIS.exe.9bc9c4a.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\ssIS.exe.be56f7cc.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\startDSLog.exe.10dd097f.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\startDSLog.exe.94c7d4b3.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\startDSLog.exe.c6f6cd35.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\startDSLog.exe.d69c17ea.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\update21GUI.exe.c94e3979.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.558269b5.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.84bf43f2.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.8b012eb8.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.8c915f38.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.8f3499b1.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.eb020636.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.f50342ea.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.f711c2b7.ini
c:\documents and settings\Al Campbell\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.fe78d26e.ini
c:\documents and settings\Al Campbell\WINDOWS
c:\documents and settings\All Users\Application Data\Microsoft\MSOFFICE\TEMP\doc~1.dat
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Judy Campbell\Local Settings\Application Data\{D091F2A6-D518-406D-8BCD-0C8BA52A50DE}
c:\documents and settings\Judy Campbell\Local Settings\Application Data\{D091F2A6-D518-406D-8BCD-0C8BA52A50DE}\chrome.manifest
c:\documents and settings\Judy Campbell\Local Settings\Application Data\{D091F2A6-D518-406D-8BCD-0C8BA52A50DE}\chrome\content\_cfg.js
c:\documents and settings\Judy Campbell\Local Settings\Application Data\{D091F2A6-D518-406D-8BCD-0C8BA52A50DE}\chrome\content\overlay.xul
c:\documents and settings\Judy Campbell\Local Settings\Application Data\{D091F2A6-D518-406D-8BCD-0C8BA52A50DE}\install.rdf
c:\documents and settings\Judy Campbell\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Judy Campbell\Local Settings\Application Data\ApplicationHistory\ISCallingDLL.exe.7c210265.ini
c:\documents and settings\Judy Campbell\Local Settings\Application Data\ApplicationHistory\Ngen.exe.89f695a3.ini
c:\documents and settings\Judy Campbell\Local Settings\Application Data\ApplicationHistory\NotifyAlert.exe.83a8f8c0.ini
c:\documents and settings\Judy Campbell\Local Settings\Application Data\ApplicationHistory\PolMigrate.exe.48b82cc6.ini
c:\documents and settings\Judy Campbell\WINDOWS
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\14.tmp
c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\2.tmp
c:\program files\INSTALL.LOG
c:\program files\messenger\msmsgsin.exe
c:\windows\dasetup.log
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\g32.txt
c:\windows\s32.txt
c:\windows\system32\comct332.ocx
c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\14.tmp
c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\2F.tmp
c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\45.tmp
c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\56.tmp
c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\5B.tmp
c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\61.tmp
c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\CE.tmp
c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\CF.tmp
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\regobj.dll
c:\windows\system32\wpcap.dll
c:\windows\TSOC.LOG
c:\windows\ws386.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SVRWSC
-------\Service_SvrWsc
.
.
((((((((((((((((((((((((( Files Created from 2011-08-14 to 2011-09-14 )))))))))))))))))))))))))))))))
.
.
2011-09-14 17:34 . 2011-09-14 17:34 -------- d-----w- c:\documents and settings\Al Campbell\Application Data\Sprint
2011-09-14 17:25 . 2007-10-12 22:04 27072 ----a-w- c:\windows\system32\drivers\PCASp50.sys
2011-09-14 17:25 . 2005-03-15 17:11 17920 ----a-w- c:\windows\system32\apintfnt.dll
2011-09-14 17:25 . 2008-04-13 17:45 17152 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-09-14 17:25 . 2008-04-13 17:45 17152 ----a-w- c:\windows\system32\dllcache\usbohci.sys
2011-09-14 17:25 . 2011-09-14 17:25 -------- dc----w- c:\windows\system32\DRVSTORE
2011-09-14 17:22 . 2011-09-14 17:22 -------- d-----w- c:\program files\Common Files\Motorola Shared
2011-09-14 17:22 . 2011-09-14 17:22 -------- d-----w- c:\program files\Sierra Wireless
2011-09-14 17:22 . 2011-09-14 17:22 -------- d-----w- c:\program files\Sprint
2011-09-14 17:22 . 2011-09-14 17:22 -------- d-----w- c:\program files\Novatel Wireless
2011-09-14 17:22 . 2011-09-14 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Sprint
2011-09-03 13:02 . 2011-09-03 13:02 -------- d-----w- c:\documents and settings\Al Campbell\Application Data\Research In Motion
2011-09-02 18:47 . 2011-09-14 16:59 -------- d-----w- c:\program files\Runtime Software
2011-09-02 17:46 . 2011-09-02 18:31 -------- d-----w- c:\windows\system32\NtmsData
2011-09-01 16:23 . 2011-09-01 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
2011-09-01 16:16 . 2011-09-01 16:16 -------- d-----w- c:\documents and settings\Judy Campbell\Local Settings\Application Data\TomTom
2011-09-01 16:16 . 2011-09-01 16:16 -------- d-----w- c:\documents and settings\Judy Campbell\Application Data\TomTom
2011-09-01 16:16 . 2011-09-01 16:16 -------- d-----w- c:\program files\TomTom International B.V
2011-09-01 16:15 . 2011-09-01 16:15 -------- d-----w- c:\program files\TomTom HOME 2
2011-09-01 15:56 . 2011-09-01 15:56 -------- d-sh--w- c:\documents and settings\Judy Campbell\IECompatCache
2011-09-01 01:06 . 2011-09-01 01:06 -------- d-----w- c:\documents and settings\Judy Campbell\Application Data\Research In Motion
2011-09-01 00:23 . 2011-09-01 00:23 -------- d-----w- c:\documents and settings\Judy Campbell\Application Data\InstallShield
2011-09-01 00:12 . 2011-09-01 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2011-09-01 00:12 . 2011-09-01 00:12 -------- d-----w- c:\program files\Common Files\Research In Motion
2011-08-29 13:02 . 2011-09-01 01:22 256 ----a-w- c:\windows\system32\pool.bin
2011-08-29 12:59 . 2011-08-29 12:59 -------- d-----w- c:\documents and settings\Al Campbell\Application Data\InstallShield
2011-08-29 12:59 . 2011-08-29 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2011-08-29 12:58 . 2011-08-29 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2011-08-29 12:55 . 2011-09-01 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2011-08-29 12:48 . 2009-01-09 21:18 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2011-08-29 12:47 . 2011-09-01 00:21 -------- d-----w- c:\program files\Common Files\Roxio Shared
2011-08-29 12:46 . 2011-09-01 00:14 -------- d-----w- c:\program files\Research In Motion
2011-08-16 00:06 . 2011-08-16 00:06 0 ---ha-w- c:\documents and settings\Al Campbell\Local Settings\Application Data\BITD.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-28 12:07 . 2011-06-23 14:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2002-08-29 11:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2002-08-29 11:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2002-08-29 11:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2005-02-18 21:19 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2002-08-29 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2002-08-29 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2002-08-29 11:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2006-12-13 03:12 . 2006-09-09 03:32 66648 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-12-13 03:12 . 2006-09-09 03:33 54352 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-12-13 03:12 . 2007-04-07 14:42 34928 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-12-13 03:12 . 2007-04-07 14:42 46696 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-12-13 03:12 . 2006-09-09 03:32 172120 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-20 68856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-12-13 98304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-24 273544]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-31 623960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2008-03-10 17672]
"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2010-09-21 439536]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Mobile User VPN.lnk - c:\program files\WatchGuard\Mobile User VPN\SafeCfg.exe [2011-5-14 65588]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-10-02 23:41 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
2002-06-22 06:27 69632 ----a-w- c:\program files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
2002-04-03 07:01 135264 ----a-w- c:\program files\Creative\SBLive\Diagnostics\diagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2002-08-15 00:22 28672 ----a-r- c:\windows\SYSTEM32\DSentry.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2002-05-24 12:46 188416 ----a-w- c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb05.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04]
2002-06-20 19:06 339968 ----a-w- c:\windows\SYSTEM32\hphmon04.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD04]
2002-05-24 12:47 49152 ----a-w- c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
2006-03-27 15:57 126104 ----a-w- c:\program files\Common Files\AOL\IPHSend\IPHSend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-10-06 19:16 5058560 ----a-w- c:\windows\SYSTEM32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2003-10-06 19:16 49152 ----a-w- c:\windows\SYSTEM32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2004-12-13 04:38 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-17 16:42 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2005-05-31 06:04 1415824 ----a-w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 07:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
2001-10-09 07:59 200704 ----a-w- c:\program files\Logitech\iTouch\iTouch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"ose"=3 (0x3)
"gusvc"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"AOL ACS"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\WatchGuard\\Mobile User VPN\\IreIKE.exe"=
"c:\program files\WatchGuard\Mobile User VPN\ViewLog.exe"= c:\program files\WatchGuard\Mobile User VPN\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
"c:\program files\WatchGuard\Mobile User VPN\CmonApp.exe"= c:\program files\WatchGuard\Mobile User VPN\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
"c:\program files\WatchGuard\Mobile User VPN\vpn.exe"= c:\program files\WatchGuard\Mobile User VPN\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager
.
R2 Crypto;Crypto;c:\windows\SYSTEM32\DRIVERS\Crypto.sys [5/14/2011 9:05 AM 521786]
R2 IPSECDRV;SafeNet IPSec Plugin;c:\windows\SYSTEM32\DRIVERS\IpSecDrv.sys [5/14/2011 9:05 AM 119864]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\SYSTEM32\DRIVERS\vap.sys [5/14/2011 9:04 AM 36188]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-15 01:23]
.
2011-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-15 01:23]
.
2003-01-30 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]
.
2011-09-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3588307437-1096272408-3680118728-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-09-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3588307437-1096272408-3680118728-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-09-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3588307437-1096272408-3680118728-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-09-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3588307437-1096272408-3680118728-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-09-14 c:\windows\Tasks\User_Feed_Synchronization-{F21840DC-F402-462E-9BBB-4B45DF67DD5E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;hxxp://localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Netilla App Component 3.4 - hxxps://www.womansonline.com/tarantella/java/ttaC-du.cab
DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://files.authentium.com/espc/27863/bin/wizard.exe
DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} - hxxp://pictures.aolcdn.com/ap/Resources/1.0.2.19.b//cab/YgpUploader.9.3.2.3.cab
DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} - file:///C:/Documents%20and%20Settings/Al%20Campbell/Application%20Data/Smilebox/OzDesktopImporter.cab
FF - ProfilePath - c:\documents and settings\Al Campbell\Application Data\Mozilla\Firefox\Profiles\u2567shn.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Dlitamu - c:\windows\MDRCMVET.dll
HKLM-RunOnce-RealPlayer_update - c:\program files\America Online 9.0\Jiti\Real9_codec_upd.exe
HKU-Default-Run-SvrWsc - (no file)
MSConfigStartUp-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
MSConfigStartUp-AuthStart - c:\program files\EATEL\Security Software\app\authstart.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
AddRemove-{184EB198-1DBA-46DB-B728-7A5FC13D5C2B}_is1 - c:\windows\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-14 13:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
RealPlayer_update = c:\program files\America Online 9.0\Jiti\Real9_codec_upd.exe restart?\Al Campbell?LOGONSERVER=\\D8F7NB21?NUMBER_OF_PROCESSORS=1?OS=Windows_NT?Path=c:\windows\system32;c:\windows;c:\WINDOWS\System32\Wbem;c:\program files\Common Files\Sonic Shared\Ligos\GoMotion;C:\Progr
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3588307437-1096272408-3680118728-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(616)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WatchGuard\Mobile User VPN\IreIKE.exe
c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe
c:\program files\WatchGuard\Mobile User VPN\IPSecMon.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\windows\wanmpsvc.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\MsiExec.exe
c:\program files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
c:\progra~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe
.
**************************************************************************
.
Completion time: 2011-09-14 13:59:18 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-14 18:58
.
Pre-Run: 56,584,867,840 bytes free
Post-Run: 72,504,651,776 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 871C38035282E1775872A2BD2B44A807




Results of screen317's Security Check version 0.99.18
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Authentium AntiVirus SDK - 2
```````````````````````````````
Anti-malware/Other Utilities Check:

Out of date Spybot installed!
Spybot - Search & Destroy 1.4
Spyware Doctor 5.0
Adobe Flash Player
Adobe Reader X (10.1.0)
Mozilla Firefox (2.0.0) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Common Files Authentium AntiVirus dvpapi.exe
``````````End of Log````````````

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:11 AM

Posted 15 September 2011 - 07:47 AM

Out of date Spybot installed!
Spybot - Search & Destroy 1.4


Remove this software using the Add/Remove Programs list or update it.
safer-networking.org
===

Secure your system by updating 3rd party programs.

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right "Include in your download"; this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

===

An important vulnerability has been identified in Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.22 and earlier versions for Android. Adobe recommends... update to Adobe Flash Player 10.3.181.22

Direct download current version - executable Flash Player installer... to your Desktop, then double-click to install.

Download for Internet Explorer

Download for Firefox and other browsers
<<<>>>

Update your Firefox using the Tools Menu > Check for updates...

===

Please let me know what problem persists.

#5 Smitty Blake

Smitty Blake
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  • Local time:03:11 AM

Posted 15 September 2011 - 01:45 PM

Seems everything is working fine. Updating OS and all 3rd party apps now. But everything seems to be running smoothly.

#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:11 AM

Posted 15 September 2011 - 05:53 PM

Glad we could help.

Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used to clean this computer.

Surf Safely, and Think Prevention!
===

#7 Smitty Blake

Smitty Blake
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  • Local time:03:11 AM

Posted 16 September 2011 - 11:59 AM

I really appreciate your help!


Thanks!

#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:11 AM

Posted 22 September 2011 - 07:37 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



