
Troj/PDFJs-OY I cannot get rid of!!!!


  • This topic is locked
43 replies to this topic

#1 jorjannw

jorjannw

  • Members

Posted 29 November 2011 - 11:22 AM

I have already run HijackThis... here is the log from it. I really need help... PLEASE???

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:03:33 AM, on 11/29/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
C:\Program Files\Navizon\Navimote\Navimote.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sophos\AutoUpdate\almon.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\Seiko Instruments USA Inc\Smart Label Printer 7.0.3\slpcap.exe
C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
C:\Program Files\BUFFALO\NASNAVI\nassche.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [PPort12reminder] "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sophos AutoUpdate Monitor] c:\Program Files\Sophos\AutoUpdate\almon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - Startup: BUFFALO NAS Navigator2.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
O4 - Startup: NAS Scheduler.lnk = C:\Program Files\BUFFALO\NASNAVI\nassche.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SmartCapture.lnk = C:\Program Files\Seiko Instruments USA Inc\Smart Label Printer 7.0.3\slpcap.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Open with PDF Viewer Plus - res://C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\documents and settings\all users\application data\sophos web intelligence\swi_lsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\all users\application data\sophos web intelligence\swi_lsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\all users\application data\sophos web intelligence\swi_lsp.dll
O16 - DPF: {42B182F9-3F08-484E-9913-07193A5D36A9} (WebClient Control) - http://proxy5.yoics.net:39348/web/WebClient.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} (LogMeIn Rescue Applet Downloader) - https://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1308769443421
O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} (Recovery ActiveX Control Module) - https://lojackforlaptops.absolute.com/ctmweb/testoc.cab
O16 - DPF: {89A32C64-6176-4D10-BCA3-10B0079818FA} (SCDeviceMonitor Class) - https://huntbes.huntleigh.local:663/webconsole/RIMWebComponents.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://vpn.contego.net/dana-cached/sc/JuniperSetupClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = huntleigh.local
O17 - HKLM\Software\..\Telephony: DomainName = huntleigh.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BA9B981-DD34-4A76-BFC7-35BC898C7FF9}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = huntleigh.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BA9B981-DD34-4A76-BFC7-35BC898C7FF9}: NameServer = 8.8.8.8,8.8.4.4
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL, c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NAS PM Service (NasPmService) - BUFFALO INC. - C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
O23 - Service: Navimote - Navizon Inc. USA - C:\Program Files\Navizon\Navimote\Navimote.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Web Intelligence Service (swi_service) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
O23 - Service: VMware vCenter Converter Standalone Agent (vmware-converter-agent) - VMware, Inc. - C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
O23 - Service: VMware vCenter Converter Standalone Server (vmware-converter-server) - VMware, Inc. - C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
O23 - Service: VMware vCenter Converter Standalone Worker (vmware-converter-worker) - VMware, Inc. - C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe

--
End of file - 14130 bytes



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots

Posted 04 December 2011 - 11:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/429873 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team

Posted 06 December 2011 - 06:25 AM

Hi there,

If you still need help could you please follow LogBot's instructions and post a DDS and GMER log for me?

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#4 jorjannw

jorjannw
  • Topic Starter

  • Members

Posted 06 December 2011 - 10:17 AM

1. Getting redirects and had a temp file on the desktop that would not go away. Also have run Sophos antivirus and found C:\WINDOWS\Temp\A9R47C.tmp[hidden] that I cannot get rid of. I have run TDSSKiller and Sophos.
2. Attached the zipped dds.txt and attach.txt (CALLED attach.zip)
3. I do not have my Windows CD
4. THANK YOU!!!




#5 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team

Posted 06 December 2011 - 03:40 PM

Hi,

The dds.txt file is not in the zip folder. Could you post it here please?

Casey



#6 jorjannw

jorjannw
  • Topic Starter

  • Members

Posted 06 December 2011 - 04:53 PM

sorry, here is the GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-06 15:53:54
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160316AS rev.JC4B
Running: mcxlqjbi.exe; Driver: C:\DOCUME~1\JORJAN~1.WAL\LOCALS~1\Temp\uxldruod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwCreateKey [0xADAA13BA]
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwCreateThread [0xADAA18A4]
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwDeleteKey [0xADAA1510]
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwSetSystemInformation [0xADAA1BCE]
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwSetValueKey [0xADAA1576]

INT 0x01 \??\C:\DOCUME~1\JORJAN~1.WAL\LOCALS~1\Temp\mbr.sys F77A8C42

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6DD9000, 0x1C8292, 0xE8000020]
? C:\DOCUME~1\JORJAN~1.WAL\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[164] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 005C9E20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 005CFB20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 005CF8A0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 005CFA80 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 005CFA60 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 005CF9E0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 005CF9C0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 005CF9A0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 005CFB00 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 005CF8C0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 005D0700 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 005CF940 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 005CFA00 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 005CF920 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 005CF980 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 005CFAC0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 005CF900 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 005CF8E0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 005CFA20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 005CF960 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 005CFAE0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 005CFAA0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 005CFA40 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 005CFC40 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] WS2_32.dll!bind 71AB4480 5 Bytes JMP 005CFC20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 005CFC60 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] WS2_32.dll!send 71AB4C27 5 Bytes JMP 005CFCE0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] WS2_32.dll!recv 71AB676F 5 Bytes JMP 005CFCC0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 005CFBE0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 005CFBC0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 005CFCA0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 005CFC80 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[164] WS2_32.dll!accept 71AC1040 5 Bytes JMP 005CFC00 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 005C9E20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 005CFB20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 005CF8A0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 005CFA80 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 005CFA60 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 005CF9E0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 005CF9C0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 005CF9A0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 005CFB00 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 005CF8C0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 005D0700 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 005CF940 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 005CFA00 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 005CF920 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 005CF980 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 005CFAC0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 005CF900 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 005CF8E0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 005CFA20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 005CF960 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 005CFAE0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 005CFAA0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 005CFA40 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 005CFC40 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] WS2_32.dll!bind 71AB4480 5 Bytes JMP 005CFC20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 005CFC60 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] WS2_32.dll!send 71AB4C27 5 Bytes JMP 005CFCE0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] WS2_32.dll!recv 71AB676F 5 Bytes JMP 005CFCC0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 005CFBE0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 005CFBC0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 005CFCA0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 005CFC80 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[240] WS2_32.dll!accept 71AC1040 5 Bytes JMP 005CFC00 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 005C9E20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 005CFB20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 005CF8A0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 005CFA80 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 005CFA60 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 005CF9E0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 005CF9C0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 005CF9A0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 005CFB00 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 005CF8C0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 005D0700 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 005CF940 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 005CFA00 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 005CF920 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 005CF980 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 005CFAC0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 005CF900 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 005CF8E0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 005CFA20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 005CF960 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 005CFAE0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 005CFAA0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 005CFA40 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 005CFBA0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 005CFB80 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 005CFB40 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 005CFB60 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 005CFC40 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] WS2_32.dll!bind 71AB4480 5 Bytes JMP 005CFC20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 005CFC60 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] WS2_32.dll!send 71AB4C27 5 Bytes JMP 005CFCE0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] WS2_32.dll!recv 71AB676F 5 Bytes JMP 005CFCC0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 005CFBE0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 005CFBC0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 005CFCA0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 005CFC80 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[656] WS2_32.dll!accept 71AC1040 5 Bytes JMP 005CFC00 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 005C9E20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 005CFB20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 005CF8A0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 005CFA80 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 005CFA60 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 005CF9E0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 005CF9C0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 005CF9A0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 005CFB00 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 005CF8C0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 005D0700 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 005CF940 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 005CFA00 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 005CF920 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 005CF980 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 005CFAC0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 005CF900 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 005CF8E0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 005CFA20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 005CF960 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 005CFAE0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 005CFAA0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 005CFA40 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 005C9E20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 005CFB20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 005CF8A0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 005CFA80 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 005CFA60 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 005CF9E0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 005CF9C0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 005CF9A0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 005CFB00 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 005CF8C0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 005D0700 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 005CF940 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 005CFA00 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 005CF920 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 005CF980 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 005CFAC0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 005CF900 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 005CF8E0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 005CFA20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 005CF960 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 005CFAE0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 005CFAA0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 005CFA40 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 005CFC40 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] WS2_32.dll!bind 71AB4480 5 Bytes JMP 005CFC20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 005CFC60 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] WS2_32.dll!send 71AB4C27 5 Bytes JMP 005CFCE0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] WS2_32.dll!recv 71AB676F 5 Bytes JMP 005CFCC0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 005CFBE0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 005CFBC0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 005CFCA0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 005CFC80 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] WS2_32.dll!accept 71AC1040 5 Bytes JMP 005CFC00 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 005C9E20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 005CFB20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 005CF8A0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 005CFA80 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 005CFA60 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 005CF9E0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 005CF9C0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 005CF9A0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 005CFB00 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 005CF8C0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 005D0700 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 005CF940 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 005CFA00 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 005CF920 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 005CF980 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 005CFAC0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 005CF900 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 005CF8E0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 005CFA20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 005CF960 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 005CFAE0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 005CFAA0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 005CFA40 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 005CFC40 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] WS2_32.dll!bind 71AB4480 5 Bytes JMP 005CFC20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 005CFC60 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] WS2_32.dll!send 71AB4C27 5 Bytes JMP 005CFCE0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] WS2_32.dll!recv 71AB676F 5 Bytes JMP 005CFCC0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 005CFBE0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 005CFBC0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 005CFCA0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 005CFC80 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1344] WS2_32.dll!accept 71AC1040 5 Bytes JMP 005CFC00 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 005C9E20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 005CFB20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 005CF8A0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 005CFA80 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 005CFA60 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 005CF9E0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 005CF9C0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 005CF9A0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 005CFB00 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 005CF8C0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 005D0700 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 005CF940 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 005CFA00 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 005CF920 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 005CF980 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 005CFAC0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 005CF900 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 005CF8E0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 005CFA20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 005CF960 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 005CFAE0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 005CFAA0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 005CFA40 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 005CFC40 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!bind 71AB4480 5 Bytes JMP 005CFC20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 005CFC60 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!send 71AB4C27 5 Bytes JMP 005CFCE0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!recv 71AB676F 5 Bytes JMP 005CFCC0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 005CFBE0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 005CFBC0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 005CFCA0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 005CFC80 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!accept 71AC1040 5 Bytes JMP 005CFC00 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 005C9E20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 005CFB20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 005CF8A0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 005CFA80 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 005CFA60 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 005CF9E0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 005CF9C0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 005CF9A0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 005CFB00 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 005CF8C0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 005D0700 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 005CF940 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 005CFA00 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 005CF920 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 005CF980 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 005CFAC0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 005CF900 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 005CF8E0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 005CFA20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 005CF960 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 005CFAE0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 005CFAA0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 005CFA40 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 005CFC40 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] WS2_32.dll!bind 71AB4480 5 Bytes JMP 005CFC20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 005CFC60 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] WS2_32.dll!send 71AB4C27 5 Bytes JMP 005CFCE0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] WS2_32.dll!recv 71AB676F 5 Bytes JMP 005CFCC0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 005CFBE0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 005CFBC0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 005CFCA0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 005CFC80 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] WS2_32.dll!accept 71AC1040 5 Bytes JMP 005CFC00 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 005CFBA0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 005CFB80 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 005CFB40 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1568] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 005CFB60 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00989E20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0098FB20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0098F8A0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0098FA80 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0098FA60 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0098FB00 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0098F8C0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 00990700 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0098F920 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0098F980 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0098FAC0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0098F900 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0098F8E0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0098FA20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0098F960 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0098FAE0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0098FAA0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0098FA40 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD10D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25464E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] ole32.dll!CoUninitialize 7750133C 5 Bytes JMP 0098CA00 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] ole32.dll!CoInitializeEx 77501473 5 Bytes JMP 0098C9B0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E56FF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 0098FBA0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 0098FB80 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 0098FB40 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 0098FB60 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0098FC40 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] ws2_32.dll!bind 71AB4480 5 Bytes JMP 0098FC20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 0098FC60 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] ws2_32.dll!send 71AB4C27 5 Bytes JMP 0098FCE0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] ws2_32.dll!recv 71AB676F 5 Bytes JMP 0098FCC0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] ws2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 0098FBE0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] ws2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 0098FBC0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] ws2_32.dll!listen 71AB8CD3 5 Bytes JMP 0098FCA0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] ws2_32.dll!getpeername 71AC0B68 5 Bytes JMP 0098FC80 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[2320] ws2_32.dll!accept 71AC1040 5 Bytes JMP 0098FC00 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00869E20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0086FB20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0086F8A0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0086FA80 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0086FA60 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0086F9E0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0086F9C0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0086F9A0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0086FB00 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0086F8C0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 00870700 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0086FA00 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0086F920 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0086F980 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0086FAC0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0086F900 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0086F8E0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0086FA20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0086F960 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0086FAE0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0086FAA0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0086FA40 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 0086FBA0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 0086FB80 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 0086FB40 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 0086FB60 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0086FC40 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] WS2_32.dll!bind 71AB4480 5 Bytes JMP 0086FC20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 0086FC60 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0086FCE0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0086FCC0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 0086FBE0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 0086FBC0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 0086FCA0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 0086FC80 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3132] WS2_32.dll!accept 71AC1040 5 Bytes JMP 0086FC00 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00989E20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0098FB20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0098F8A0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0098FA80 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0098FA60 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0098FB00 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0098F8C0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 00990700 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0098F920 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0098F980 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0098FAC0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0098F900 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0098F8E0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0098FA20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0098F960 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0098FAE0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0098FAA0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0098FA40 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] ole32.dll!CoUninitialize 7750133C 5 Bytes JMP 0098CA00 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] ole32.dll!CoInitializeEx 77501473 5 Bytes JMP 0098C9B0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 0098FBA0 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 0098FB80 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 0098FB40 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 0098FB60 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0098FC40 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] ws2_32.dll!bind 71AB4480 5 Bytes JMP 0098FC20 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[3964] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 0098FC60 c:\PROGRA~1\Sophos\SOPHOS~2\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[2320] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5764] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)

---- EOF - GMER 1.0.15 ----

#7 jorjannw

Posted 06 December 2011 - 05:28 PM

and here is the dds.txt

Attached Files

  • Attached File  dds.txt   15.89KB   2 downloads


#8 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:01:25 AM

Posted 07 December 2011 - 08:41 AM

Hi jorjannw,

How do you know you're infected with Troj/PDFJs-OY? I presume Sophos is informing you? If so, could you list the file in particular?

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#9 jorjannw

Posted 07 December 2011 - 09:15 AM

I did in one of my earlier posts. But here it is again so you don't have to look for it:
Also have run Sophos antivirus and found C:\WINDOWS\Temp\A9R47C.tmp[hidden] that I cannot get rid of.

#10 Casey_boy

Posted 07 December 2011 - 02:14 PM

Step 1: OK, well let's just try clearing out the temp files - this should remove the detected threat.

Click Start, and then click Run. In the Open box, type cleanmgr, and then click OK.

Now make sure the Remove Windows temporary files box is ticked and run the clean up tool.

Step 2: Run Sophos and see if it detects the threat.

Casey



#11 jorjannw

Posted 07 December 2011 - 03:43 PM

Well... now I have two. The original one is still there - c:\WINDOWS\Temp\A9R47FC.tmp[hidden] and now C:\documents and settings\networkService\Local Settings\Temporary Internet FIles\Content.IE5\FP821MPX\showthread[1].htm

#12 Casey_boy

Posted 08 December 2011 - 06:54 AM

OK, please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you are prompted to install the Recovery Console, then please do so.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you have trouble running ComboFix, then please rename ComboFix.exe to Caseyboy.exe and re-run.

Casey



#13 Casey_boy

Posted 11 December 2011 - 11:56 AM

Hi,

This is a 3 day bump.

Hopefully you're still with me but please be aware that if there is no reply within two days, then this topic will be closed as stale.

Casey



#14 Casey_boy

Posted 16 December 2011 - 01:50 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



#15 Casey_boy

Posted 16 December 2011 - 06:24 PM

This topic has been re-opened at the request of the person who originally posted.
