Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Boot malware issue


  • Please log in to reply
3 replies to this topic

#1 Bernard longden

Bernard longden

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Liverpool UK
  • Local time:08:22 AM

Posted 16 January 2012 - 11:21 AM

After scanning with Malwarebytes the trojan reappears within hours.is
A scan with Microsoft Security Essentials suggest that a boot trojan exists boot:\device\harddisk\DR0
Sophos requires a manual removal but not how! Any suggestions on how to remove the trojan

Edited by hamluis, 16 January 2012 - 11:32 AM.
Moved from XP to Am i infected.


BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:22 AM

Posted 16 January 2012 - 11:39 AM

Can you post the MBAM log?

Download

TDSSkiller

Launch it ,click on SCAN

Post the generated log after scan

Please download GMER from here

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Good luck

#3 Bernard longden

Bernard longden
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Liverpool UK
  • Local time:08:22 AM

Posted 16 January 2012 - 05:44 PM

Thank you for the prompt reply and guidance on the problem - it is appreciated.
I followed the instructions and have produced the following text file
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-16 22:42:16
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.17.0
Running: ks3cqfhf.exe; Driver: C:\DOCUME~1\Bernard\LOCALS~1\Temp\agtdqfoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwCreateKey [0x9B3373BA]
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwCreateThread [0x9B3378A4]
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwDeleteKey [0x9B337510]
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwSetSystemInformation [0x9B337BCE]
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwSetValueKey [0x9B337576]

---- Kernel code sections - GMER 1.0.15 ----

.text ipsec.sys 96097000 121 Bytes [96, FF, B5, 04, FF, FF, FF, ...]
.text ipsec.sys 9609707A 50 Bytes CALL 96096D19 \SystemRoot\system32\DRIVERS\ipsec.sys (IPSec Driver/Microsoft Corporation)
.text ipsec.sys 960970AD 19 Bytes [09, 96, FF, B5, 04, FF, FF, ...]
.text ipsec.sys 960970C1 3 Bytes [E4, 5E, 0A]
.text ipsec.sys 960970C5 40 Bytes [68, 92, 72, 09, 96, FF, B5, ...]
.text ...
? C:\WINDOWS\system32\DRIVERS\ipsec.sys suspicious PE modification

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00369E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0036FB20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0036F8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0036FA80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0036FA60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0036F9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0036F9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0036F9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0036FB00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0036F8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 00370700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0036F940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0036FA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0036F920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0036F980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0036FAC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0036F900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0036F8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0036FA20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0036F960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0036FAE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0036FAA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0036FA40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] WININET.dll!InternetReadFile 3D9513DC 5 Bytes JMP 0036FBA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] WININET.dll!InternetQueryDataAvailable 3D95161D 5 Bytes JMP 0036FB80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] WININET.dll!InternetOpenA 3D953089 5 Bytes JMP 0036FB40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] WININET.dll!InternetOpenUrlA 3D956F62 5 Bytes JMP 0036FB60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] WS2_32.dll!closesocket 71AB3E2B 3 Bytes JMP 0036FC40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] WS2_32.dll!closesocket + 4 71AB3E2F 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[300] WS2_32.dll!bind 71AB4480 3 Bytes JMP 0036FC20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] WS2_32.dll!bind + 4 71AB4484 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[300] WS2_32.dll!connect 71AB4A07 3 Bytes JMP 0036FC60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] WS2_32.dll!connect + 4 71AB4A0B 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[300] WS2_32.dll!send 71AB4C27 3 Bytes JMP 0036FCE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] WS2_32.dll!send + 4 71AB4C2B 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[300] WS2_32.dll!recv 71AB676F 3 Bytes JMP 0036FCC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] WS2_32.dll!recv + 4 71AB6773 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[300] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 0036FBE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] WS2_32.dll!WSASocketA 71AB8B6A 3 Bytes JMP 0036FBC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] WS2_32.dll!WSASocketA + 4 71AB8B6E 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[300] WS2_32.dll!listen 71AB8CD3 3 Bytes JMP 0036FCA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] WS2_32.dll!listen + 4 71AB8CD7 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[300] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 0036FC80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[300] WS2_32.dll!accept 71AC1040 5 Bytes JMP 0036FC00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00369E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0036FB20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0036F8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0036FA80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0036FA60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0036F9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0036F9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0036F9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0036FB00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0036F8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 00370700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0036F940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0036FA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0036F920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0036F980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0036FAC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0036F900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0036F8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0036FA20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0036F960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0036FAE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0036FAA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0036FA40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] WS2_32.dll!closesocket 71AB3E2B 3 Bytes JMP 0036FC40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] WS2_32.dll!closesocket + 4 71AB3E2F 1 Byte [8E]
.text C:\WINDOWS\system32\lsass.exe[756] WS2_32.dll!bind 71AB4480 3 Bytes JMP 0036FC20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] WS2_32.dll!bind + 4 71AB4484 1 Byte [8E]
.text C:\WINDOWS\system32\lsass.exe[756] WS2_32.dll!connect 71AB4A07 3 Bytes JMP 0036FC60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] WS2_32.dll!connect + 4 71AB4A0B 1 Byte [8E]
.text C:\WINDOWS\system32\lsass.exe[756] WS2_32.dll!send 71AB4C27 3 Bytes JMP 0036FCE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] WS2_32.dll!send + 4 71AB4C2B 1 Byte [8E]
.text C:\WINDOWS\system32\lsass.exe[756] WS2_32.dll!recv 71AB676F 3 Bytes JMP 0036FCC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] WS2_32.dll!recv + 4 71AB6773 1 Byte [8E]
.text C:\WINDOWS\system32\lsass.exe[756] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 0036FBE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] WS2_32.dll!WSASocketA 71AB8B6A 3 Bytes JMP 0036FBC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] WS2_32.dll!WSASocketA + 4 71AB8B6E 1 Byte [8E]
.text C:\WINDOWS\system32\lsass.exe[756] WS2_32.dll!listen 71AB8CD3 3 Bytes JMP 0036FCA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] WS2_32.dll!listen + 4 71AB8CD7 1 Byte [8E]
.text C:\WINDOWS\system32\lsass.exe[756] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 0036FC80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] WS2_32.dll!accept 71AC1040 5 Bytes JMP 0036FC00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] WININET.dll!InternetReadFile 3D9513DC 5 Bytes JMP 0036FBA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] WININET.dll!InternetQueryDataAvailable 3D95161D 5 Bytes JMP 0036FB80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] WININET.dll!InternetOpenA 3D953089 5 Bytes JMP 0036FB40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\lsass.exe[756] WININET.dll!InternetOpenUrlA 3D956F62 5 Bytes JMP 0036FB60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00369E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0036FB20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0036F8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0036FA80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0036FA60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0036F9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0036F9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0036F9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0036FB00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0036F8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 00370700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0036F940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0036FA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0036F920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0036F980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0036FAC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0036F900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0036F8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0036FA20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0036F960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0036FAE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0036FAA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0036FA40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] WS2_32.dll!closesocket 71AB3E2B 3 Bytes JMP 0036FC40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] WS2_32.dll!closesocket + 4 71AB3E2F 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[964] WS2_32.dll!bind 71AB4480 3 Bytes JMP 0036FC20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] WS2_32.dll!bind + 4 71AB4484 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[964] WS2_32.dll!connect 71AB4A07 3 Bytes JMP 0036FC60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] WS2_32.dll!connect + 4 71AB4A0B 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[964] WS2_32.dll!send 71AB4C27 3 Bytes JMP 0036FCE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] WS2_32.dll!send + 4 71AB4C2B 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[964] WS2_32.dll!recv 71AB676F 3 Bytes JMP 0036FCC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] WS2_32.dll!recv + 4 71AB6773 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[964] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 0036FBE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] WS2_32.dll!WSASocketA 71AB8B6A 3 Bytes JMP 0036FBC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] WS2_32.dll!WSASocketA + 4 71AB8B6E 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[964] WS2_32.dll!listen 71AB8CD3 3 Bytes JMP 0036FCA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] WS2_32.dll!listen + 4 71AB8CD7 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[964] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 0036FC80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[964] WS2_32.dll!accept 71AC1040 5 Bytes JMP 0036FC00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00369E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0036FB20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0036F8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0036FA80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0036FA60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0036F9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0036F9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0036F9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0036FB00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0036F8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 00370700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0036F940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0036FA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0036F920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0036F980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0036FAC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0036F900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0036F8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0036FA20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0036F960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0036FAE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0036FAA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0036FA40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!closesocket 71AB3E2B 3 Bytes JMP 0036FC40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!closesocket + 4 71AB3E2F 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!bind 71AB4480 3 Bytes JMP 0036FC20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!bind + 4 71AB4484 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!connect 71AB4A07 3 Bytes JMP 0036FC60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!connect + 4 71AB4A0B 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!send 71AB4C27 3 Bytes JMP 0036FCE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!send + 4 71AB4C2B 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!recv 71AB676F 3 Bytes JMP 0036FCC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!recv + 4 71AB6773 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 0036FBE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!WSASocketA 71AB8B6A 3 Bytes JMP 0036FBC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!WSASocketA + 4 71AB8B6E 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!listen 71AB8CD3 3 Bytes JMP 0036FCA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!listen + 4 71AB8CD7 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 0036FC80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!accept 71AC1040 5 Bytes JMP 0036FC00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] WININET.dll!InternetReadFile 3D9513DC 5 Bytes JMP 0036FBA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] WININET.dll!InternetQueryDataAvailable 3D95161D 5 Bytes JMP 0036FB80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] WININET.dll!InternetOpenA 3D953089 5 Bytes JMP 0036FB40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1032] WININET.dll!InternetOpenUrlA 3D956F62 5 Bytes JMP 0036FB60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E4000A
.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E5000A
.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E3000C
.text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00369E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0036FB20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0036F8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0036FA80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0036FA60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0036F9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0036F9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0036F9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0036FB00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0036F8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 00370700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0036F940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0036FA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0036F920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0036F980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0036FAC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0036F900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0036F8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0036FA20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0036F960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0036FAE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0036FAA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0036FA40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1804] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 106C3A89 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1804] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 106C3A1B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1804] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1046C909 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1804] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1046CEBD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1856] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0275000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1856] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 02CF000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1856] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0274000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[1856] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 6FA07D10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1856] SHELL32.dll!SHExtractIconsW 7CA05712 5 Bytes JMP 6FA15550 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1856] ole32.dll!StgOpenStorageEx 7754EDC8 5 Bytes JMP 6FA0EE50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00369E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0036FB20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0036F8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0036FA80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0036FA60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0036F9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0036F9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0036F9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0036FB00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0036F8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 00370700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0036F940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0036FA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0036F920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0036F980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0036FAC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0036F900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0036F8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0036FA20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0036F960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0036FAE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0036FAA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0036FA40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00369E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0036FB20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0036F8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0036FA80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0036FA60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0036F9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0036F9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0036F9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0036FB00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0036F8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 00370700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0036F940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0036FA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0036F920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0036F980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0036FAC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0036F900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0036F8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0036FA20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0036F960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0036FAE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0036FAA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0036FA40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] WS2_32.dll!closesocket 71AB3E2B 3 Bytes JMP 0036FC40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] WS2_32.dll!closesocket + 4 71AB3E2F 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1876] WS2_32.dll!bind 71AB4480 3 Bytes JMP 0036FC20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] WS2_32.dll!bind + 4 71AB4484 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1876] WS2_32.dll!connect 71AB4A07 3 Bytes JMP 0036FC60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] WS2_32.dll!connect + 4 71AB4A0B 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1876] WS2_32.dll!send 71AB4C27 3 Bytes JMP 0036FCE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] WS2_32.dll!send + 4 71AB4C2B 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1876] WS2_32.dll!recv 71AB676F 3 Bytes JMP 0036FCC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] WS2_32.dll!recv + 4 71AB6773 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1876] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 0036FBE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] WS2_32.dll!WSASocketA 71AB8B6A 3 Bytes JMP 0036FBC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] WS2_32.dll!WSASocketA + 4 71AB8B6E 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1876] WS2_32.dll!listen 71AB8CD3 3 Bytes JMP 0036FCA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] WS2_32.dll!listen + 4 71AB8CD7 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1876] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 0036FC80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] WS2_32.dll!accept 71AC1040 5 Bytes JMP 0036FC00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] WININET.dll!InternetReadFile 3D9513DC 5 Bytes JMP 0036FBA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] WININET.dll!InternetQueryDataAvailable 3D95161D 5 Bytes JMP 0036FB80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] WININET.dll!InternetOpenA 3D953089 5 Bytes JMP 0036FB40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1876] WININET.dll!InternetOpenUrlA 3D956F62 5 Bytes JMP 0036FB60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00369E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0036FB20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0036F8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0036FA80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0036FA60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0036F9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0036F9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0036F9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0036FB00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0036F8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 00370700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0036F940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0036FA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0036F920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0036F980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0036FAC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0036F900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0036F8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0036FA20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0036F960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0036FAE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0036FAA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0036FA40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] WS2_32.dll!closesocket 71AB3E2B 3 Bytes JMP 0036FC40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] WS2_32.dll!closesocket + 4 71AB3E2F 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1916] WS2_32.dll!bind 71AB4480 3 Bytes JMP 0036FC20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] WS2_32.dll!bind + 4 71AB4484 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1916] WS2_32.dll!connect 71AB4A07 3 Bytes JMP 0036FC60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] WS2_32.dll!connect + 4 71AB4A0B 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1916] WS2_32.dll!send 71AB4C27 3 Bytes JMP 0036FCE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] WS2_32.dll!send + 4 71AB4C2B 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1916] WS2_32.dll!recv 71AB676F 3 Bytes JMP 0036FCC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] WS2_32.dll!recv + 4 71AB6773 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1916] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 0036FBE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] WS2_32.dll!WSASocketA 71AB8B6A 3 Bytes JMP 0036FBC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] WS2_32.dll!WSASocketA + 4 71AB8B6E 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1916] WS2_32.dll!listen 71AB8CD3 3 Bytes JMP 0036FCA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] WS2_32.dll!listen + 4 71AB8CD7 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1916] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 0036FC80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] WS2_32.dll!accept 71AC1040 5 Bytes JMP 0036FC00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] WININET.dll!InternetReadFile 3D9513DC 5 Bytes JMP 0036FBA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] WININET.dll!InternetQueryDataAvailable 3D95161D 5 Bytes JMP 0036FB80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] WININET.dll!InternetOpenA 3D953089 5 Bytes JMP 0036FB40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1916] WININET.dll!InternetOpenUrlA 3D956F62 5 Bytes JMP 0036FB60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00369E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0036FB20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0036F8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0036FA80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0036FA60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0036F9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0036F9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0036F9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0036FB00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0036F8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 00370700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0036F940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0036FA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0036F920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0036F980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0036FAC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0036F900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0036F8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0036FA20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0036F960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0036FAE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0036FAA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0036FA40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] WS2_32.dll!closesocket 71AB3E2B 3 Bytes JMP 0036FC40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] WS2_32.dll!closesocket + 4 71AB3E2F 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1924] WS2_32.dll!bind 71AB4480 3 Bytes JMP 0036FC20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] WS2_32.dll!bind + 4 71AB4484 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1924] WS2_32.dll!connect 71AB4A07 3 Bytes JMP 0036FC60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] WS2_32.dll!connect + 4 71AB4A0B 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1924] WS2_32.dll!send 71AB4C27 3 Bytes JMP 0036FCE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] WS2_32.dll!send + 4 71AB4C2B 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1924] WS2_32.dll!recv 71AB676F 3 Bytes JMP 0036FCC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] WS2_32.dll!recv + 4 71AB6773 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1924] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 0036FBE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] WS2_32.dll!WSASocketA 71AB8B6A 3 Bytes JMP 0036FBC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] WS2_32.dll!WSASocketA + 4 71AB8B6E 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1924] WS2_32.dll!listen 71AB8CD3 3 Bytes JMP 0036FCA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] WS2_32.dll!listen + 4 71AB8CD7 1 Byte [8E]
.text C:\WINDOWS\system32\svchost.exe[1924] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 0036FC80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] WS2_32.dll!accept 71AC1040 5 Bytes JMP 0036FC00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] WININET.dll!InternetReadFile 3D9513DC 5 Bytes JMP 0036FBA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] WININET.dll!InternetQueryDataAvailable 3D95161D 5 Bytes JMP 0036FB80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] WININET.dll!InternetOpenA 3D953089 5 Bytes JMP 0036FB40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[1924] WININET.dll!InternetOpenUrlA 3D956F62 5 Bytes JMP 0036FB60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00379E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0037FB20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0037F8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0037FA80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0037FA60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0037F9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0037F9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0037F9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0037FB00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0037F8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 00380700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0037FA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0037F920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0037F980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0037FAC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0037F900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0037F8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00377460 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 003775A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0037FA20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0037F960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0037FAE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0037FAA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0037FA40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] ole32.dll!CoCreateInstance 774FF1BC 8 Bytes JMP 00377860 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] WININET.dll!InternetReadFile 3D9513DC 5 Bytes JMP 0037FBA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] WININET.dll!InternetQueryDataAvailable 3D95161D 5 Bytes JMP 0037FB80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] WININET.dll!InternetOpenA 3D953089 5 Bytes JMP 0037FB40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] WININET.dll!InternetOpenUrlA 3D956F62 5 Bytes JMP 0037FB60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0037FC40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] WS2_32.dll!bind 71AB4480 5 Bytes JMP 0037FC20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 0037FC60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0037FCE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0037FCC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 0037FBE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 0037FBC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 0037FCA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] WS2_32.dll!getpeername 71AC0B68 3 Bytes JMP 0037FC80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] WS2_32.dll!getpeername + 4 71AC0B6C 1 Byte [8E]
.text C:\WINDOWS\Explorer.EXE[2336] WS2_32.dll!accept 71AC1040 3 Bytes JMP 0037FC00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2336] WS2_32.dll!accept + 4 71AC1044 1 Byte [8E]
.text C:\WINDOWS\System32\svchost.exe[2872] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00369E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0036FB20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0036F8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0036FA80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0036FA60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0036F9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0036F9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0036F9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0036FB00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0036F8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 00370700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0036F940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0036FA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0036F920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0036F980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0036FAC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0036F900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0036F8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0036FA20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0036F960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0036FAE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0036FAA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0036FA40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] WS2_32.dll!closesocket 71AB3E2B 3 Bytes JMP 0036FC40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] WS2_32.dll!closesocket + 4 71AB3E2F 1 Byte [8E]
.text C:\WINDOWS\System32\svchost.exe[2872] WS2_32.dll!bind 71AB4480 3 Bytes JMP 0036FC20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] WS2_32.dll!bind + 4 71AB4484 1 Byte [8E]
.text C:\WINDOWS\System32\svchost.exe[2872] WS2_32.dll!connect 71AB4A07 3 Bytes JMP 0036FC60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] WS2_32.dll!connect + 4 71AB4A0B 1 Byte [8E]
.text C:\WINDOWS\System32\svchost.exe[2872] WS2_32.dll!send 71AB4C27 3 Bytes JMP 0036FCE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] WS2_32.dll!send + 4 71AB4C2B 1 Byte [8E]
.text C:\WINDOWS\System32\svchost.exe[2872] WS2_32.dll!recv 71AB676F 3 Bytes JMP 0036FCC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] WS2_32.dll!recv + 4 71AB6773 1 Byte [8E]
.text C:\WINDOWS\System32\svchost.exe[2872] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 0036FBE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] WS2_32.dll!WSASocketA 71AB8B6A 3 Bytes JMP 0036FBC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] WS2_32.dll!WSASocketA + 4 71AB8B6E 1 Byte [8E]
.text C:\WINDOWS\System32\svchost.exe[2872] WS2_32.dll!listen 71AB8CD3 3 Bytes JMP 0036FCA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] WS2_32.dll!listen + 4 71AB8CD7 1 Byte [8E]
.text C:\WINDOWS\System32\svchost.exe[2872] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 0036FC80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2872] WS2_32.dll!accept 71AC1040 5 Bytes JMP 0036FC00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00369E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0036FB20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0036F8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0036FA80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0036FA60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0036F9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0036F9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0036F9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0036FB00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0036F8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 00370700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0036F940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0036FA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0036F920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0036F980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0036FAC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0036F900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0036F8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0036FA20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0036F960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0036FAE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0036FAA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0036FA40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] WS2_32.dll!closesocket 71AB3E2B 3 Bytes JMP 0036FC40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] WS2_32.dll!closesocket + 4 71AB3E2F 1 Byte [8E]
.text C:\WINDOWS\System32\svchost.exe[2888] WS2_32.dll!bind 71AB4480 3 Bytes JMP 0036FC20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] WS2_32.dll!bind + 4 71AB4484 1 Byte [8E]
.text C:\WINDOWS\System32\svchost.exe[2888] WS2_32.dll!connect 71AB4A07 3 Bytes JMP 0036FC60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] WS2_32.dll!connect + 4 71AB4A0B 1 Byte [8E]
.text C:\WINDOWS\System32\svchost.exe[2888] WS2_32.dll!send 71AB4C27 3 Bytes JMP 0036FCE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] WS2_32.dll!send + 4 71AB4C2B 1 Byte [8E]
.text C:\WINDOWS\System32\svchost.exe[2888] WS2_32.dll!recv 71AB676F 3 Bytes JMP 0036FCC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] WS2_32.dll!recv + 4 71AB6773 1 Byte [8E]
.text C:\WINDOWS\System32\svchost.exe[2888] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 0036FBE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] WS2_32.dll!WSASocketA 71AB8B6A 3 Bytes JMP 0036FBC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] WS2_32.dll!WSASocketA + 4 71AB8B6E 1 Byte [8E]
.text C:\WINDOWS\System32\svchost.exe[2888] WS2_32.dll!listen 71AB8CD3 3 Bytes JMP 0036FCA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] WS2_32.dll!listen + 4 71AB8CD7 1 Byte [8E]
.text C:\WINDOWS\System32\svchost.exe[2888] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 0036FC80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\System32\svchost.exe[2888] WS2_32.dll!accept 71AC1040 5 Bytes JMP 0036FC00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[3148] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00369E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[3148] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0036FB20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[3148] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0036F8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[3148] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0036FA80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[3148] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0036FA60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[3148] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0036F9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[3148] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0036F9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[3148] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0036F9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[3148] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0036FB00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[3148] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0036F8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[3148] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 00370700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[3148] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0036F940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[3148] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0036FA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[3148] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0036F920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[3148] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 0036F980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[3148] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 0036FAC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[3148] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0036F900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[3148] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0036F8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[3148] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 0036FA20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[3148] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 0036F960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[3148] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 0036FAE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[3148] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0036FAA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\system32\svchost.exe[3148] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 0036FA40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 6FA09E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 6FA0FB20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 6FA0F8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 6FA0FA80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 6FA0FA60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 6FA0F9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 6FA0F9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 6FA0F9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 6FA0FB00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 6FA0F8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 6FA10700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 6FA0F940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 6FA0FA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 6FA0F920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 6FA0F980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 6FA0FAC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 6FA0F900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 6FA0F8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] kernel32.dll!ResumeThread 7C832927 5 Bytes JMP 6FA0FA20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] kernel32.dll!GetThreadContext 7C83973D 5 Bytes JMP 6FA0F960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 6FA0FAE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 6FA0FAA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 6FA0FA40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 6FA0FC40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] WS2_32.dll!bind 71AB4480 5 Bytes JMP 6FA0FC20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 6FA0FC60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] WS2_32.dll!send 71AB4C27 5 Bytes JMP 6FA0FCE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] WS2_32.dll!recv 71AB676F 5 Bytes JMP 6FA0FCC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] WS2_32.dll!WSAStartup 71AB6A55 7 Bytes JMP 6FA0FBE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 6FA0FBC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 6FA0FCA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 6FA0FC80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] WS2_32.dll!accept 71AC1040 5 Bytes JMP 6FA0FC00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] WININET.dll!InternetReadFile 3D9513DC 5 Bytes JMP 6FA0FBA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] WININET.dll!InternetQueryDataAvailable 3D95161D 5 Bytes JMP 6FA0FB80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] WININET.dll!InternetOpenA 3D953089 5 Bytes JMP 6FA0FB40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Messenger\msmsgs.exe[3564] WININET.dll!InternetOpenUrlA 3D956F62 5 Bytes JMP 6FA0FB60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 9B2CB000-9B2DD000 (73728 bytes)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 488392068

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB26178$\1817220316 0 bytes
File C:\WINDOWS\$NtUninstallKB26178$\3971975933 0 bytes
File C:\WINDOWS\$NtUninstallKB26178$\3971975933\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB26178$\3971975933\bckfg.tmp 850 bytes
File C:\WINDOWS\$NtUninstallKB26178$\3971975933\cfg.ini 184 bytes
File C:\WINDOWS\$NtUninstallKB26178$\3971975933\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB26178$\3971975933\keywords 205 bytes
File C:\WINDOWS\$NtUninstallKB26178$\3971975933\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB26178$\3971975933\L 0 bytes
File C:\WINDOWS\$NtUninstallKB26178$\3971975933\L\obwisewj 75264 bytes
File C:\WINDOWS\$NtUninstallKB26178$\3971975933\U 0 bytes
File C:\WINDOWS\$NtUninstallKB26178$\3971975933\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB26178$\3971975933\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB26178$\3971975933\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB26178$\3971975933\U\80000000.@ 11264 bytes
File C:\WINDOWS\$NtUninstallKB26178$\3971975933\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB26178$\3971975933\U\80000032.@ 77312 bytes

---- EOF - GMER 1.0.15 ----

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:22 AM

Posted 16 January 2012 - 05:46 PM

You are infected,you need help from experts

Read the preparation guide

http://www.bleepingcomputer.com/forums/topic34773.html

Create a new topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

Edited by narenxp, 16 January 2012 - 05:46 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users