Inactive XP Pro SP3 with IE8 Fails to update. Rootkit?

[Inactive] XP Pro SP3 with IE8 Fails to update. Rootkit?

XP Pro SP3 with IE8 Fails to update
School Laptop Samsung R509 PC Running Windows XP Pro SP3 patched fairly well up to date. Firewall provided by ISP downline so no access to it. AV Sophos up to date.

Notebook refuses to run certain things but is ok with others. Installs and runs Adobe but refuses Flash – MS Updates won’t run from IE8 because when the page comes up that usually offers Express or Custom the screen is blank. Details posted in another thread – thanks to Arie and colleagues for suggesting posting help request here.


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6817

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

15/06/2011 14:09:05
mbam-log-2011-06-15 (14-08-49).txt

Scan type: Quick scan
Objects scanned: 1036230
Time elapsed: 24 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-15 13:32:11
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM160HI rev.HH100-06
Running: 14j7rg04.exe; Driver: C:\DOCUME~1\xxxx\LOCALS~1\Temp\kxtdypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwCreateKey [0xA79793BA] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwCreateThread [0xA79798A4] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwDeleteKey [0xA7979510] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwSetSystemInformation [0xA7979BCE] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwSetValueKey [0xA7979576] <-- ROOTKIT !!!

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[232] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00369E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0036FB20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0036F8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0036FA80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0036FA60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0036F9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0036F9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0036F9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0036FB00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0036F8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 00370700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0036F940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0036FA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0036F920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0036F980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0036FAC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0036F900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0036F8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0036FA20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0036F960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0036FAE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0036FAA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0036FA40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00369E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0036FB20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0036F8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0036FA80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0036FA60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0036F9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0036F9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0036F9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0036FB00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0036F8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 00370700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0036F940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0036FA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0036F920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0036F980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0036FAC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0036F900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0036F8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0036FA20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0036F960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0036FAE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0036FAA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0036FA40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] WS2_32.dll!closesocket 71AB3E2B 3 Bytes JMP 0036FC40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] WS2_32.dll!closesocket + 4 71AB3E2F 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[404] WS2_32.dll!bind 71AB4480 3 Bytes JMP 0036FC20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] WS2_32.dll!bind + 4 71AB4484 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[404] WS2_32.dll!connect 71AB4A07 3 Bytes JMP 0036FC60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] WS2_32.dll!connect + 4 71AB4A0B 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[404] WS2_32.dll!send 71AB4C27 3 Bytes JMP 0036FCE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] WS2_32.dll!send + 4 71AB4C2B 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[404] WS2_32.dll!recv 71AB676F 3 Bytes JMP 0036FCC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] WS2_32.dll!recv + 4 71AB6773 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[404] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 0036FBE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] WS2_32.dll!WSASocketA 71AB8B6A 3 Bytes JMP 0036FBC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] WS2_32.dll!WSASocketA + 4 71AB8B6E 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[404] WS2_32.dll!listen 71AB8CD3 3 Bytes JMP 0036FCA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] WS2_32.dll!listen + 4 71AB8CD7 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[404] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 0036FC80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[404] WS2_32.dll!accept 71AC1040 5 Bytes JMP 0036FC00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[676] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00379E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0037FB20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[676] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0037F8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[676] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0037FA80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[676] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0037FA60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[676] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0037F9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[676] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0037F9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[676] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0037F9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[676] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0037FB00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[676] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0037F8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[676] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 00380700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[676] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0037F940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[676] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0037FA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[676] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0037F920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[676] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0037F980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[676] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0037FAC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[676] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0037F900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[676] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0037F8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[676] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0037FA20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[676] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0037F960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[676] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0037FAE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[676] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0037FAA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\RUNDLL32.EXE[676] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0037FA40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00369E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0036FB20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0036F8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0036FA80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0036FA60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0036F9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0036F9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0036F9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0036FB00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0036F8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 00370700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0036F940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0036FA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0036F920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0036F980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0036FAC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0036F900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0036F8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0036FA20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0036F960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0036FAE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0036FAA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0036FA40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 0036FBA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 0036FB80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 0036FB40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 0036FB60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] WS2_32.dll!closesocket 71AB3E2B 3 Bytes JMP 0036FC40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] WS2_32.dll!closesocket + 4 71AB3E2F 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[876] WS2_32.dll!bind 71AB4480 3 Bytes JMP 0036FC20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] WS2_32.dll!bind + 4 71AB4484 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[876] WS2_32.dll!connect 71AB4A07 3 Bytes JMP 0036FC60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] WS2_32.dll!connect + 4 71AB4A0B 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[876] WS2_32.dll!send 71AB4C27 3 Bytes JMP 0036FCE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] WS2_32.dll!send + 4 71AB4C2B 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[876] WS2_32.dll!recv 71AB676F 3 Bytes JMP 0036FCC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] WS2_32.dll!recv + 4 71AB6773 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[876] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 0036FBE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] WS2_32.dll!WSASocketA 71AB8B6A 3 Bytes JMP 0036FBC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] WS2_32.dll!WSASocketA + 4 71AB8B6E 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[876] WS2_32.dll!listen 71AB8CD3 3 Bytes JMP 0036FCA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[876] WS2_32.dll!listen + 4 71AB8CD7 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[876] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 0036FC80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)

 

Posting 2
.text C:\WINDOWS\system32\svchost.exe[876] WS2_32.dll!accept 71AC1040 5 Bytes JMP 0036FC00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00369E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0036FB20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0036F8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0036FA80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0036FA60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0036F9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0036F9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0036F9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0036FB00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0036F8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 00370700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0036F940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0036FA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0036F920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0036F980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0036FAC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0036F900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0036F8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0036FA20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0036F960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0036FAE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0036FAA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0036FA40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] WS2_32.dll!closesocket 71AB3E2B 3 Bytes JMP 0036FC40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] WS2_32.dll!closesocket + 4 71AB3E2F 1 Byte [8E]
.text C:\WINDOWS\system32\lsass.exe[1140] WS2_32.dll!bind 71AB4480 3 Bytes JMP 0036FC20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] WS2_32.dll!bind + 4 71AB4484 1 Byte [8E]
.text C:\WINDOWS\system32\lsass.exe[1140] WS2_32.dll!connect 71AB4A07 3 Bytes JMP 0036FC60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] WS2_32.dll!connect + 4 71AB4A0B 1 Byte [8E]
.text C:\WINDOWS\system32\lsass.exe[1140] WS2_32.dll!send 71AB4C27 3 Bytes JMP 0036FCE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] WS2_32.dll!send + 4 71AB4C2B 1 Byte [8E]
.text C:\WINDOWS\system32\lsass.exe[1140] WS2_32.dll!recv 71AB676F 3 Bytes JMP 0036FCC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] WS2_32.dll!recv + 4 71AB6773 1 Byte [8E]
.text C:\WINDOWS\system32\lsass.exe[1140] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 0036FBE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] WS2_32.dll!WSASocketA 71AB8B6A 3 Bytes JMP 0036FBC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] WS2_32.dll!WSASocketA + 4 71AB8B6E 1 Byte [8E]
.text C:\WINDOWS\system32\lsass.exe[1140] WS2_32.dll!listen 71AB8CD3 3 Bytes JMP 0036FCA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] WS2_32.dll!listen + 4 71AB8CD7 1 Byte [8E]
.text C:\WINDOWS\system32\lsass.exe[1140] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 0036FC80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[1140] WS2_32.dll!accept 71AC1040 5 Bytes JMP 0036FC00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00369E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0036FB20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0036F8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0036FA80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0036FA60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0036F9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0036F9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0036F9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0036FB00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0036F8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 00370700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0036F940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0036FA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0036F920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0036F980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0036FAC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0036F900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0036F8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0036FA20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0036F960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0036FAE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0036FAA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0036FA40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!closesocket 71AB3E2B 3 Bytes JMP 0036FC40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!closesocket + 4 71AB3E2F 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!bind 71AB4480 3 Bytes JMP 0036FC20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!bind + 4 71AB4484 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!connect 71AB4A07 3 Bytes JMP 0036FC60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!connect + 4 71AB4A0B 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!send 71AB4C27 3 Bytes JMP 0036FCE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!send + 4 71AB4C2B 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!recv 71AB676F 3 Bytes JMP 0036FCC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!recv + 4 71AB6773 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 0036FBE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!WSASocketA 71AB8B6A 3 Bytes JMP 0036FBC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!WSASocketA + 4 71AB8B6E 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!listen 71AB8CD3 3 Bytes JMP 0036FCA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!listen + 4 71AB8CD7 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 0036FC80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!accept 71AC1040 5 Bytes JMP 0036FC00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00369E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0036FB20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0036F8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0036FA80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0036FA60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0036F9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0036F9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0036F9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0036FB00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0036F8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 00370700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0036F940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0036FA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0036F920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0036F980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0036FAC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0036F900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0036F8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0036FA20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0036F960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0036FAE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0036FAA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0036FA40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] WS2_32.dll!closesocket 71AB3E2B 3 Bytes JMP 0036FC40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] WS2_32.dll!closesocket + 4 71AB3E2F 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1400] WS2_32.dll!bind 71AB4480 3 Bytes JMP 0036FC20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] WS2_32.dll!bind + 4 71AB4484 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1400] WS2_32.dll!connect 71AB4A07 3 Bytes JMP 0036FC60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] WS2_32.dll!connect + 4 71AB4A0B 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1400] WS2_32.dll!send 71AB4C27 3 Bytes JMP 0036FCE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] WS2_32.dll!send + 4 71AB4C2B 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1400] WS2_32.dll!recv 71AB676F 3 Bytes JMP 0036FCC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] WS2_32.dll!recv + 4 71AB6773 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1400] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 0036FBE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] WS2_32.dll!WSASocketA 71AB8B6A 3 Bytes JMP 0036FBC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] WS2_32.dll!WSASocketA + 4 71AB8B6E 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1400] WS2_32.dll!listen 71AB8CD3 3 Bytes JMP 0036FCA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] WS2_32.dll!listen + 4 71AB8CD7 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1400] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 0036FC80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1400] WS2_32.dll!accept 71AC1040 5 Bytes JMP 0036FC00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00369E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0036FB20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0036F8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0036FA80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0036FA60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0036F9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0036F9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0036F9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0036FB00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0036F8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 00370700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0036F940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0036FA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0036F920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0036F980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0036FAC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0036F900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0036F8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0036FA20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0036F960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0036FAE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0036FAA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0036FA40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] WS2_32.dll!closesocket 71AB3E2B 3 Bytes JMP 0036FC40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] WS2_32.dll!closesocket + 4 71AB3E2F 1 Byte [8E]
.text C:\WINDOWS\System32\svchost.exe[1604] WS2_32.dll!bind 71AB4480 3 Bytes JMP 0036FC20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] WS2_32.dll!bind + 4 71AB4484 1 Byte [8E]
.text C:\WINDOWS\System32\svchost.exe[1604] WS2_32.dll!connect 71AB4A07 3 Bytes JMP 0036FC60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] WS2_32.dll!connect + 4 71AB4A0B 1 Byte [8E]
.text C:\WINDOWS\System32\svchost.exe[1604] WS2_32.dll!send 71AB4C27 3 Bytes JMP 0036FCE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] WS2_32.dll!send + 4 71AB4C2B 1 Byte [8E]
.text C:\WINDOWS\System32\svchost.exe[1604] WS2_32.dll!recv 71AB676F 3 Bytes JMP 0036FCC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] WS2_32.dll!recv + 4 71AB6773 1 Byte [8E]
.text C:\WINDOWS\System32\svchost.exe[1604] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 0036FBE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] WS2_32.dll!WSASocketA 71AB8B6A 3 Bytes JMP 0036FBC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] WS2_32.dll!WSASocketA + 4 71AB8B6E 1 Byte [8E]
.text C:\WINDOWS\System32\svchost.exe[1604] WS2_32.dll!listen 71AB8CD3 3 Bytes JMP 0036FCA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] WS2_32.dll!listen + 4 71AB8CD7 1 Byte [8E]
.text C:\WINDOWS\System32\svchost.exe[1604] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 0036FC80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] WS2_32.dll!accept 71AC1040 5 Bytes JMP 0036FC00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 0036FBA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 0036FB80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 0036FB40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1604] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 0036FB60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00369E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0036FB20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0036F8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0036FA80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0036FA60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0036F9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0036F9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0036F9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0036FB00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0036F8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)

 

Posting 3
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 00370700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0036F940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0036FA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0036F920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0036F980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0036FAC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0036F900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0036F8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0036FA20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0036F960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0036FAE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0036FAA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0036FA40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] WS2_32.dll!closesocket 71AB3E2B 3 Bytes JMP 0036FC40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] WS2_32.dll!closesocket + 4 71AB3E2F 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[2004] WS2_32.dll!bind 71AB4480 3 Bytes JMP 0036FC20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] WS2_32.dll!bind + 4 71AB4484 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[2004] WS2_32.dll!connect 71AB4A07 3 Bytes JMP 0036FC60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] WS2_32.dll!connect + 4 71AB4A0B 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[2004] WS2_32.dll!send 71AB4C27 3 Bytes JMP 0036FCE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] WS2_32.dll!send + 4 71AB4C2B 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[2004] WS2_32.dll!recv 71AB676F 3 Bytes JMP 0036FCC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] WS2_32.dll!recv + 4 71AB6773 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[2004] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 0036FBE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] WS2_32.dll!WSASocketA 71AB8B6A 3 Bytes JMP 0036FBC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] WS2_32.dll!WSASocketA + 4 71AB8B6E 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[2004] WS2_32.dll!listen 71AB8CD3 3 Bytes JMP 0036FCA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] WS2_32.dll!listen + 4 71AB8CD7 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[2004] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 0036FC80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[2004] WS2_32.dll!accept 71AC1040 5 Bytes JMP 0036FC00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00379E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0037FB20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0037F8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0037FA80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0037FA60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0037F9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0037F9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0037F9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0037FB00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0037F8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 00380700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0037FA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0037F920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0037F980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0037FAC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0037F900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0037F8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00377460 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 003775A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0037FA20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0037F960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0037FAE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0037FAA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0037FA40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] ole32.dll!CoCreateInstance 774FF1AC 8 Bytes JMP 00377860 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 0037FBA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 0037FB80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 0037FB40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 0037FB60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0037FC40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] WS2_32.dll!bind 71AB4480 5 Bytes JMP 0037FC20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 0037FC60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0037FCE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0037FCC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 0037FBE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 0037FBC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 0037FCA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] WS2_32.dll!getpeername 71AC0B68 3 Bytes JMP 0037FC80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] WS2_32.dll!getpeername + 4 71AC0B6C 1 Byte [8E]
.text C:\WINDOWS\Explorer.EXE[3460] WS2_32.dll!accept 71AC1040 3 Bytes JMP 0037FC00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[3460] WS2_32.dll!accept + 4 71AC1044 1 Byte [8E]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3472] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3720] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)
---- Processes - GMER 1.0.15 ----

Library \\xxxxxxxxxxx\users\staff\xxxx\Documents\Downloads\14j7rg04.exe (*** hidden *** ) @ \\xxxxxxxxx\users\staff\xxxxxxx\Documents\Downloads\14j7rg04.exe [2312] 0x00400000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\DRIVERS\obvious.sys (*** hidden *** ) [SYSTEM] obvious <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious@ServiceBinary C:\WINDOWS\system32\drivers\OBVIOUS.SYS
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious@Group SCSI Miniport
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious@ImagePath system32\DRIVERS\obvious.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious@Tag 33
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious\Enum
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious\Enum@0 ROOT\SCSIADAPTER\0000
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious\Enum@Count 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious\Enum@NextInstance 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious\parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious\parameters\pnpinterface
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious\parameters\pnpinterface@1 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious\security
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious\security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\ControlSet003\Services\obvious@ServiceBinary C:\WINDOWS\system32\drivers\OBVIOUS.SYS

 

Posting 4
Reg HKLM\SYSTEM\ControlSet003\Services\obvious@Group SCSI Miniport
Reg HKLM\SYSTEM\ControlSet003\Services\obvious@ImagePath system32\DRIVERS\obvious.sys
Reg HKLM\SYSTEM\ControlSet003\Services\obvious@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\Services\obvious@Start 1
Reg HKLM\SYSTEM\ControlSet003\Services\obvious@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\obvious@Tag 33
Reg HKLM\SYSTEM\ControlSet003\Services\obvious\Enum (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\obvious\Enum@0 ROOT\SCSIADAPTER\0000
Reg HKLM\SYSTEM\ControlSet003\Services\obvious\Enum@Count 1
Reg HKLM\SYSTEM\ControlSet003\Services\obvious\Enum@NextInstance 1
Reg HKLM\SYSTEM\ControlSet003\Services\obvious\parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\obvious\parameters\pnpinterface (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\obvious\parameters\pnpinterface@1 1
Reg HKLM\SYSTEM\ControlSet003\Services\obvious\security (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\obvious\security@Security 0x01 0x00 0x14 0x80 ...

---- EOF - GMER 1.0.15 ----

aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
Run date: 2011-06-15 13:34:41
-----------------------------
13:34:41.558 OS Version: Windows 5.1.2600 Service Pack 3
13:34:41.558 Number of processors: 2 586 0xF0D
13:34:41.558 ComputerName: SCNB2 UserName: xxxx
13:34:42.058 Initialize success
13:34:59.951 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:34:59.951 Disk 0 Vendor: SAMSUNG_HM160HI HH100-06 Size: 152627MB BusType: 3
13:35:02.059 Disk 0 MBR read successfully
13:35:02.059 Disk 0 MBR scan
13:35:02.059 Disk 0 Windows XP default MBR code
13:35:04.073 Disk 0 scanning sectors +312578048
13:35:04.198 Disk 0 scanning C:\WINDOWS\system32\drivers
13:35:25.540 Service scanning
13:35:26.430 Disk 0 trace - called modules:
13:35:26.477 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
13:35:26.477 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89baa758]
13:35:26.477 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89b7db00]
13:35:26.477 Scan finished successfully
13:36:42.400 Disk 0 MBR has been saved successfully to "F:\DL\2011\MBR.dat "
13:36:42.603 The log file has been saved successfully to "F:\DL\2011\aswMBR.txt "

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by xxxx at 13:37:13 on 2011-06-15
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2009.1431 [GMT 1:00]
.
AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\HHVcdV6Sys\VC6SecS.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Atheros WLAN Client\ACU.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HHVcdV6Sys\VC6Play.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Sophos\AutoUpdate\almon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Virtual CD v6\System\VC6Tray.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\mmc.exe
\\xxxxxxx\users\staff\xxxx\Documents\Downloads\aswMBR.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk
uWindow Title = Internet Explorer, optimized for Bing and MSN
uDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyServer = Xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:xxx
uInternet Settings,ProxyOverride = xx.xxx.xx.*;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
mRun: [ACU] "c:\program files\atheros wlan client\ACU.exe" -nogui
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [<NO NAME>]
mRun: [EDS] c:\program files\samsung\samsung eds\EDSAgent.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [VC6Player] c:\program files\hhvcdv6sys\VC6Play.exe
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [Sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-explorer: QuickLaunchEnabled = 1 (0x1)
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\documents and settings\all users\application data\sophos web intelligence\swi_lsp.dll
Trusted Zone: adobe.com\get
Trusted Zone: adobe.com\www
Trusted Zone: microsoft.com
Trusted Zone: sch.uk\mail.xxxxxxx.wilts
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254996790203
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255009099979
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40626.3103240741
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ive.net-ctrl.com/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = xx.xxx.xxx.x xxx.xxx.xxx.x
TCP: Interfaces\{C7A08281-89B5-4CC8-96E2-C103C16050AD} : DhcpNameServer = xx.xxx.xxx.x xxx.xxx.xxx.x
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\xxxx\application data\mozilla\firefox\profiles\p8v6mplq.default\
FF - prefs.js: network.proxy.http - proxy.xxxx.xxxx.xx
FF - prefs.js: network.proxy.http_port - xxxx
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2010-3-11 153344]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2010-3-11 24064]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2008-1-14 30208]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-25 135664]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2011-1-21 163056]
S2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2011-1-21 97520]
S2 Sophos Agent;Sophos Agent;c:\program files\sophos\remote management system\ManagementAgentNT.exe [2011-1-21 282624]
S2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2011-1-21 230640]
S2 Sophos Message Router;Sophos Message Router;c:\program files\sophos\remote management system\RouterNT.exe [2011-1-21 806912]
S2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2011-1-21 1541360]
S3 ADDMEM;ADDMEM;\??\c:\docume~1\xxxx\locals~1\temp\__samsung_update\addmem.sys --> c:\docume~1\xxxx\locals~1\temp\__samsung_update\ADDMEM.SYS [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-11-16 267568]
S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [2010-3-18 23928]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2010-3-11 14976]
.
=============== Created Last 30 ================
.
2011-06-15 11:05:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-10 10:06:44 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-06-10 09:03:47 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-09 11:49:12 -------- dc-h--w- c:\windows\ie8
2011-06-07 14:06:44 -------- d--h--w- c:\windows\msdownld.tmp
2011-06-06 11:55:30 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-05-29 08:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 08:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-04 03:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 13:37:28.55 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/09/2009 14:48:55
System Uptime: 15/06/2011 11:51:55 (2 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | R509
Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | U2E1 | 2161/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 68 GiB total, 54.109 GiB free.
D: is FIXED (NTFS) - 68 GiB total, 67.6 GiB free.
E: is CDROM ()
F: is Removable
G: is CDROM ()
M: is NetworkDisk (NTFS) - 788 GiB total, 426.968 GiB free.
N: is CDROM ()
O: is CDROM ()
P: is NetworkDisk (NTFS) - 788 GiB total, 426.968 GiB free.
S: is NetworkDisk (NTFS) - 788 GiB total, 426.968 GiB free.
W: is NetworkDisk (NTFS) - 788 GiB total, 426.968 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Atheros AR5007EG Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_7131144F&REV_01\4&1A9C2D41&0&00E0
Manufacturer: Atheros
Name: Atheros AR5007EG Wireless Network Adapter
PNP Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_7131144F&REV_01\4&1A9C2D41&0&00E0
Service: AR5416
.
==== System Restore Points ===================
.
RP61: 24/03/2011 09:49:32 - Installed Java(TM) 6 Update 24
RP62: 24/03/2011 11:15:42 - Removed Java(TM) 6 Update 17
RP63: 24/03/2011 11:16:34 - Installed Java(TM) 6 Update 24
RP64: 24/03/2011 11:47:56 - Software Distribution Service 3.0
RP65: 24/03/2011 13:18:12 - Installed %1 %2.
RP66: 24/03/2011 16:10:02 - Removed Java(TM) 6 Update 24
RP67: 24/03/2011 16:11:30 - Installed Java(TM) 6 Update 24
RP68: 27/04/2011 12:20:42 - System Checkpoint
RP69: 07/06/2011 15:10:14 - Installed Java(TM) 6 Update 25
RP70: 07/06/2011 16:04:27 - Software Distribution Service 3.0
RP71: 09/06/2011 11:14:30 - Installed Windows XP KB942288-v3.
RP72: 09/06/2011 12:50:24 - Installed Windows Internet Explorer 8.
RP73: 09/06/2011 12:51:20 - Software Distribution Service 3.0
RP74: 10/06/2011 08:11:51 - Software Distribution Service 3.0
RP75: 15/06/2011 12:04:18 - Installed Java(TM) 6 Update 26
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.0)
Adobe SVG Viewer 3.0
Atheros WLAN Client
CCleaner
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB969084)
Hotfix for Windows XP (KB970653-v3)
Intel(R) Graphics Media Accelerator Driver
Internet Explorer (Enable DEP)
J2SE Runtime Environment 5.0
Java Auto Updater
Java(TM) 6 Update 26
Malwarebytes' Anti-Malware version 1.51.0.1200
Marvell Miniport Driver
Microsoft .NET Framework 2.0
Microsoft Automated Troubleshooting Services Shim
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Fix it Center
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox 4.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
Realtek High Definition Audio Driver
Samsung EDS
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2483614)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Sophos Anti-Virus
Sophos AutoUpdate
Sophos Remote Management System
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2264107)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Virtual CD v6
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
15/06/2011 12:30:00, error: NETLOGON [5719] - No Domain Controller is available for domain XXXXXXX due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
09/06/2011 11:18:40, error: Service Control Manager [7000] - The Microsoft TV/Video Connection service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
==== End Of File ===========================

 

Thank you Broni.

Logs follow:


ComboFix 11-06-15.03 - xxx 16/06/2011 9:38.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2009.1508 [GMT 1:00]
Running from: \\xxxxxxxx\users\staff\xxxx\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((( Files Created from 2011-05-16 to 2011-06-16 )))))))))))))))))))))))))))))))
.
.
2011-06-15 11:05 . 2011-05-04 01:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-10 10:18 . 2011-06-10 10:18 -------- d-----w- c:\documents and settings\xxxx\Local Settings\Application Data\Mozilla
2011-06-10 10:06 . 2011-06-10 10:06 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-06-10 09:03 . 2011-06-10 11:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-09 11:49 . 2011-06-09 11:50 -------- dc-h--w- c:\windows\ie8
2011-06-07 14:06 . 2011-06-07 14:23 -------- d--h--w- c:\windows\msdownld.tmp
2011-06-07 14:02 . 2011-06-07 14:02 -------- d-----w- c:\program files\Microsoft Silverlight
2011-06-07 13:57 . 2011-06-07 14:00 -------- d-----w- c:\documents and settings\xxxxxx
2011-06-06 11:55 . 2011-06-06 11:55 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-05-24 09:30 . 2011-05-24 09:30 -------- d-----w- c:\documents and settings\xxxxxxxx\Local Settings\Application Data\Temp
2011-05-24 09:29 . 2011-05-24 09:32 -------- d-----w- c:\documents and settings\xxxxxx\Application Data\.minecraft
2011-05-23 11:03 . 2011-05-23 11:28 -------- d-----w- c:\documents and settings\xxxxxx
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 08:11 . 2011-03-24 14:48 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 08:11 . 2011-03-24 14:48 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-04 03:52 . 2010-04-22 07:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-14 16:26 . 2011-06-10 10:18 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACU "= "c:\program files\Atheros WLAN Client\ACU.exe" [2008-07-07 450649]
"RTHDCPL "= "RTHDCPL.EXE" [2008-05-16 16862720]
"EDS "= "c:\program files\Samsung\Samsung EDS\EDSAgent.exe" [2007-12-20 659456]
"IgfxTray "= "c:\windows\system32\igfxtray.exe" [2008-07-22 150040]
"HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2008-07-22 178712]
"Persistence "= "c:\windows\system32\igfxpers.exe" [2008-07-22 150040]
"VC6Player "= "c:\program files\HHVcdV6Sys\VC6Play.exe" [2004-06-25 245760]
"Synchronization Manager "= "c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"Sophos AutoUpdate Monitor "= "c:\program files\Sophos\AutoUpdate\almon.exe" [2011-01-21 439536]
"Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen "= 1 (0x1)
"ForceStartMenuLogOff "= 1 (0x1)
"QuickLaunchEnabled "= 1 (0x1)
"DisablePersonalDirChange "= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring "=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
.
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [11/03/2010 15:34 153344]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [11/03/2010 15:34 24064]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [21/01/2011 12:10 163056]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [21/01/2011 12:10 97520]
R2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [21/01/2011 12:10 1541360]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [14/01/2008 19:01 30208]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25/02/2010 15:16 135664]
S3 ADDMEM;ADDMEM;\??\c:\docume~1\tech\LOCALS~1\Temp\__Samsung_Update\ADDMEM.SYS --> c:\docume~1\tech\LOCALS~1\Temp\__Samsung_Update\ADDMEM.SYS [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [16/11/2010 02:10 267568]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [24/03/2011 15:48 39984]
S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [18/03/2010 08:47 23928]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [11/03/2010 15:32 14976]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-24 c:\windows\Tasks\Daily.job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2011-01-21 11:10]
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 14:16]
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 14:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk
uInternet Settings,xxxx = xxxx.xxxxx.xxx.xxx:xxxx
uInternet Settings,ProxyOverride = xxx.xxx.xxx.*;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\documents and settings\All Users\Application Data\Sophos Web Intelligence\swi_lsp.dll
Trusted Zone: adobe.com\get
Trusted Zone: adobe.com\www
Trusted Zone: microsoft.com
Trusted Zone: sch.uk\mail.xxx.xxx
TCP: DhcpNameServer = xx.xxx.xxx.x xx.xxx.xxx.x
FF - ProfilePath - c:\documents and settings\xxx\Application Data\Mozilla\Firefox\Profiles\p8v6mplq.default\
FF - prefs.js: network.proxy.http - proxy.xxxx.xxx.xxx
FF - prefs.js: network.proxy.http_port - xxxx
FF - prefs.js: network.proxy.type - 1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-16 09:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sophos Message Router]
"ImagePath "= "\ "c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194 "
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\obvious]
"ImagePath "= "system32\DRIVERS\obvious.sys "
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\obvious]
@DACL=(02 0044)
@Denied: (1 4 5) (S-1-5-21-1060284298-2000478354-725345543-1004)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1560)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1196)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1141)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1204)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1178)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1574)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1166)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1526)
@Denied: (1 4 5) (Administrator)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1241)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1521)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1142)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1151)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1165)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1223)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1161)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1528)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1160)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1153)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1156)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1541)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1506)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1164)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1150)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1138)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1244)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1240)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1509)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1140)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1176)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1139)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1154)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1524)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1175)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1211)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1177)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1199)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1515)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1174)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1148)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1162)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1157)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1508)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1128)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1130)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1479)
@Denied: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1194)
@Denied: (1 4 5) (Administrator)
@Denied: (1 4 5) (S-1-5-21-601518932-1515935392-108995256-1634)
@Denied: (1 4 5) (S-1-5-21-601518932-1515935392-108995256-1659)
@Denied: (1 4 5) (Administrator)
@Allowed: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1560)
@Allowed: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1149)
@Allowed: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1521)
@Allowed: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1204)
@Allowed: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1526)
@Allowed: (1 4 5) (S-1-5-21-1308278370-537218216-1205675782-1520)
@Allowed: (B C) (S-1-5-4)
"ServiceBinary "= "c:\\WINDOWS\\system32\\drivers\\OBVIOUS.SYS "
"Group "= "SCSI Miniport "
"ImagePath "=expand: "system32\\DRIVERS\\obvious.sys "
"ErrorControl "=dword:00000001
"Start "=dword:00000001
"Type "=dword:00000001
"Tag "=dword:00000021
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1000)
c:\documents and settings\All Users\Application Data\Sophos Web Intelligence\swi_lsp.dll
.
- - - - - - - > 'explorer.exe'(1488)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\msiexec.exe
c:\program files\Sophos\Remote Management System\ManagementAgentNT.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\program files\Sophos\Remote Management System\RouterNT.exe
c:\program files\HHVcdV6Sys\VC6SecS.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Virtual CD v6\System\VC6Tray.exe
.
**************************************************************************
.
Completion time: 2011-06-16 09:51:20 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-16 08:51
.
Pre-Run: 57,882,984,448 bytes free
Post-Run: 58,061,266,944 bytes free
.
- - End Of File - - 450056971FC670515DE658AD6DEA4C19

 

This is the Report:


RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Stealth
==============================================

 

I have kept a copy of the log with x'd out items displayed if you want nit via a PM.

Thanks very much for your help.

 

The Rkill report:


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 16/06/2011 at 10:01:04.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

\\xxxxxx\xxx\xxxx\xxx\Desktop\rkill.com


--- ATTENTION ---

Windows was configured to use a proxy! Proxy settings have been removed.

The Proxy Server that was configured is: xxxxxx.xxxxx.xxx.xx:xxxx

If this was a valid setting, please double-click on the rk-proxy.reg file on your desktop and allow the data to be merged to restore your proxy settings.


Rkill completed on 16/06/2011 at 10:01:11.

 

Thanks Broni.

Being a school our ISP automatically blocks many downloads (including .exe files) I can unblock to allow bypass.

I'm thinking that at the stage the scan asked to install the recovery console it was blocked - it certainly wasn't anything I did.

As to xxx ing our ISPs and in particular names as an ex security worker this is something I do as second nature but also there was a log where one of our students was named so I hope you will accept that for the purposes of the UK Data Protection Act I had no option other than to xxx the details out.

Your help is hugely appreciated - in no way am I trying to be difficult.

 

Thank you Broni. Absolutely no offence intended, I hugely respect the help you clearly so freely give toward keeping members computers malware free.

I totally see where you are coming from with your recent response and would hope you can respect my position as someone subject to the stringent UK Data Protection laws on why I will not be able to post those logs up to this publicly accessible forum.

There are, no doubt lurkers looking at these forums who glean information from them that helps them in their cause. I most certainly was not suggesting that you in any way are anything other than a genuine guy helping people who have problems caused by 'the other side'.

I am now closing this thread having formatted the HD and reinstalled the OS.

Thank you again for your help. Sorry I irritated you.

 

Apologies if this question is muppety but when I hit the thread tools on this one there isn't an option there to mark as resolved - just unsubscribe?