# Multiple Trojan alerts (APQ.tmp)



## ninjitsuboy (Jun 13, 2010)

Hello, I'm a newbie when it comes down to computers, so please forgive me if I can't explain things fully.
I've recently been alerted by Norton AntiVirus about a Trojan horse, APQ.tmp, but it seems to be reduplicating itself, as Norton AntiVirus is alerting about more of them, i.e. APQB3 etc.
It began happening when I downloaded and installed another antivirus program called BullGuard, so please help. I do not know what to do. I'm currently using Windows XP.


----------



## ninjitsuboy (Jun 13, 2010)

Another problem is that whenever my computer loads up, it says AvManRes is not found. What is that?


----------



## dvk01 (Dec 14, 2002)

First clear your Java cache as shown http://www.java.com/en/download/help/5000020300.xml 
Then follow advice *here* and post the logs those programs make in your next reply to this topic


----------



## ninjitsuboy (Jun 13, 2010)

Umm, I can't find the Java icon in the Control Panel, or is it somewhere else?


----------



## dvk01 (Dec 14, 2002)

skip that step then


----------



## ninjitsuboy (Jun 13, 2010)

Umm, this is probably going to be my last post because right now I'm just swamped with revision and work, as I have my exams right now and I cannot deal with the computer problems. I'll probably, when I have time, create a new topic. Sorry to waste your time. But thanks for trying to help me.

Should I mark this topic as solved or should I just leave it to close?


----------



## dvk01 (Dec 14, 2002)

Do NOT use the computer at all until you have it fixed


----------



## ninjitsuboy (Jun 13, 2010)

Hello again, I managed to quickly find time to respond. If you see this, then thanks. I've done the scans and here are the results:

DDS.txt

DDS (Ver_10-03-17.01) - NTFSx86 
Run by User at 23:00:06.12 on 22/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.449 [GMT 1:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\User\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
mWinlogon: SFCDisable=-99 (0xffffff9d)
mWinlogon: Shell=Explorer.exe %windir%\system32\drivers\Regv.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX1000] c:\windows\vVX1000.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\35kmanhv.default\
FF - component: c:\program files\bullguard ltd\bullguard\antiphishing\ff\[email protected]\components\BGFFComponent.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-11-9 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-11-9 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2007-12-18 2189240]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-14 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100620.006\NAVENG.SYS [2010-6-20 85552]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100620.006\NAVEX15.SYS [2010-6-20 1347504]
R4 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys --> c:\windows\system32\drivers\afwcore.sys [?]
R4 BdSpy;BdSpy;c:\windows\system32\drivers\bdspy.sys --> c:\windows\system32\drivers\BdSpy.sys [?]
S2 Regv Controler;Regv Controler;"c:\windows\system32\drivers\regv.exe" --> c:\windows\system32\drivers\Regv.exe [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S4 vsdatant;vsdatant;a --> a [?]

=============== Created Last 30 ================

2010-06-21 17:34:03 0 d-sh--w- c:\documents and settings\user\IECompatCache
2010-06-21 17:33:30 0 d-sh--w- c:\documents and settings\user\PrivacIE
2010-06-21 17:20:56 0 d-sh--w- c:\documents and settings\user\IETldCache
2010-06-20 18:23:43 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-06-20 18:23:40 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-20 18:23:39 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-20 18:23:37 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-20 18:23:37 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-06-20 18:23:35 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-06-20 18:23:34 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-20 18:23:08 0 d-----w- c:\windows\ie8updates
2010-06-20 18:22:44 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-06-20 18:15:56 0 dc-h--w- c:\windows\ie8
2010-06-19 15:18:16 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-06-19 15:18:16 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-06-19 15:14:46 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-06-19 14:58:46 293376 ------w- c:\windows\system32\browserchoice.exe
2010-06-19 14:51:44 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-06-19 14:48:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-06-19 14:43:12 0 d-----w- c:\windows\system32\KB905474
2010-06-19 14:40:09 0 d-----w- c:\windows\system32\PreInstall
2010-06-19 14:38:52 0 d--h--w- c:\windows\$hf_mig$
2010-06-19 14:10:19 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2010-06-19 14:08:34 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-06-19 14:08:31 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-06-19 14:08:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-06-19 13:26:51 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-06-19 12:12:20 0 d-sha-r- C:\cmdcons
2010-06-19 12:08:27 98816 ----a-w- c:\windows\sed.exe
2010-06-19 12:08:27 77312 ----a-w- c:\windows\MBR.exe
2010-06-19 12:08:27 256512 ----a-w- c:\windows\PEV.exe
2010-06-19 12:08:27 161792 ----a-w- c:\windows\SWREG.exe
2010-06-14 19:19:49 0 d-----w- c:\docume~1\user\applic~1\Malwarebytes
2010-06-14 19:19:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-05 15:59:11 0 d-----w- c:\docume~1\alluse~1\applic~1\BullGuard
2010-06-05 15:58:24 0 d-----w- c:\program files\BullGuard Ltd

==================== Find3M ====================

2010-06-17 21:06:22 150848 ----a-w- c:\windows\system32\BGLsp.dll
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-13 11:40:07 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2001-11-23 11:08:20 712704 ----a-w- c:\windows\inf\other\AUDIO3D.DLL

============= FINISH: 23:01:06.03 ===============

Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 17/05/2009 13:52:43
System Uptime: 22/06/2010 21:27:10 (2 hours ago)

Motherboard: | | K7S8X.
Processor: AMD Athlon(tm) XP 2600+ | Socket-A | 2087/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 28.095 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP40: 03/02/2010 17:16:04 - System Checkpoint
RP41: 23/03/2010 17:51:17 - System Checkpoint
RP42: 08/04/2010 19:46:59 - System Checkpoint
RP43: 16/04/2010 12:48:26 - System Checkpoint
RP44: 18/04/2010 22:26:43 - System Checkpoint
RP45: 21/04/2010 20:08:11 - System Checkpoint
RP46: 25/04/2010 12:24:35 - System Checkpoint
RP47: 28/04/2010 21:34:09 - System Checkpoint
RP48: 30/04/2010 19:54:36 - System Checkpoint
RP49: 12/06/2010 14:59:56 - System Checkpoint
RP50: 13/06/2010 20:09:53 - System Checkpoint
RP51: 17/06/2010 19:32:01 - System Checkpoint
RP52: 19/06/2010 13:08:43 - ComboFix created restore point
RP53: 19/06/2010 15:38:42 - Software Distribution Service 3.0
RP54: 19/06/2010 16:55:44 - Software Distribution Service 3.0
RP55: 20/06/2010 18:15:53 - Software Distribution Service 3.0
RP56: 20/06/2010 19:06:31 - Software Distribution Service 3.0
RP57: 21/06/2010 18:38:04 - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
C-Media 3D Audio
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
LiveUpdate 3.3 (Symantec Corporation)
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft LifeCam
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.3)
MSVCRT
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB982381)
Segoe UI
Symantec Endpoint Protection
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime

==== Event Viewer Messages From Past Week ========

22/06/2010 21:36:41, error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
22/06/2010 21:36:41, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
22/06/2010 21:36:22, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.
21/06/2010 18:34:39, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
20/06/2010 18:12:40, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
20/06/2010 18:12:40, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/06/2010 18:11:09, error: PlugPlayManager [11] - The device Root\LEGACY_SYMSMR100\0000 disappeared from the system without first being prepared for removal.
15/06/2010 20:44:41, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: gagp30kx
15/06/2010 20:44:41, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Symantec AntiVirus service.
15/06/2010 20:41:58, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
15/06/2010 20:11:19, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
15/06/2010 11:11:32, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
15/06/2010 07:56:59, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

==== End Of File ===========================

Ark.txt
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-22 23:31:44
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\pfloykow.sys

---- System - GMER 1.0.15 ----

SSDT 866A9DF0 ZwAlertResumeThread
SSDT 865883F0 ZwAlertThread
SSDT 865E2DB0 ZwAllocateVirtualMemory
SSDT 865461D8 ZwConnectPort
SSDT 865C9670 ZwCreateMutant
SSDT 86566008 ZwCreateThread
SSDT 86677580 ZwFreeVirtualMemory
SSDT 866A82F8 ZwImpersonateAnonymousToken
SSDT 866A9D18 ZwImpersonateThread
SSDT 86566730 ZwMapViewOfSection
SSDT 86526360 ZwOpenEvent
SSDT 8667CC98 ZwOpenProcessToken
SSDT 86556CE8 ZwOpenThreadToken
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwProtectVirtualMemory [0xF7A54280]
SSDT SysPlant.sys (Symantec CMC Firewall SysPlant/Symantec Corporation) ZwQueryDefaultLocale [0xF76577B0]
SSDT 86688F90 ZwResumeThread
SSDT 865911F8 ZwSetContextThread
SSDT 865650F0 ZwSetInformationProcess
SSDT 865D62A8 ZwSetInformationThread
SSDT 865480D0 ZwSuspendProcess
SSDT 86589240 ZwSuspendThread
SSDT 86655E90 ZwTerminateProcess
SSDT 865894B8 ZwTerminateThread
SSDT 85EC4250 ZwUnmapViewOfSection
SSDT 86571120 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 250 804E28BC 4 Bytes CALL 5BD47E2D 
.text ntoskrnl.exe!_abnormal_termination + 3DC 804E2A48 2 Bytes [F0, 50]
.text ntoskrnl.exe!_abnormal_termination + 3DF 804E2A4B 5 Bytes [86, A8, 62, 5D, 86]
.text ntoskrnl.exe!_abnormal_termination + 4A0 804E2B0C 2 Bytes [20, 11] {AND [ECX], DL}
.text ntoskrnl.exe!_abnormal_termination + 4A3 804E2B0F 1 Byte [86]
? C:\WINDOWS\system32\drivers\wpsdrvnt.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

Thank you again if you see this post and sorry for my inconvenience.


----------



## dvk01 (Dec 14, 2002)

that is badly infected

Delete any existing version of ComboFix you have sitting on your desktop
*Please read and follow all these instructions very carefully*
Download ComboFix from *Here* to your Desktop.

***Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer***
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


*Very Important!* *Temporarily disable* your *anti-virus* and *anti-malware* real-time protection and any *script blocking components of them or your firewall* *before* performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results" or stop combofix running at all_.
Click on *THIS LINK* to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again after combofix has finished*
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running.
Double click on *combofix.exe* & follow the prompts.
If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this.
When finished, it will produce a report for you.
Please post the *"C:\ComboFix.txt"* for further review

*****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze *****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

*Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.*


----------



## ninjitsuboy (Jun 13, 2010)

Here's the log

ComboFix 10-06-23.05 - User 24/06/2010 21:31:16.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.611 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-05-24 to 2010-06-24 )))))))))))))))))))))))))))))))
.

2010-06-21 17:34 . 2010-06-21 17:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-21 17:34 . 2010-06-21 17:34 -------- d-sh--w- c:\documents and settings\User\IECompatCache
2010-06-21 17:33 . 2010-06-21 17:33 -------- d-sh--w- c:\documents and settings\User\PrivacIE
2010-06-21 17:20 . 2010-06-21 17:20 -------- d-sh--w- c:\documents and settings\User\IETldCache
2010-06-20 18:23 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-06-20 18:23 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-20 18:23 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-20 18:23 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-20 18:23 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-06-20 18:23 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-06-20 18:23 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-20 18:23 . 2010-06-21 17:43 -------- d-----w- c:\windows\ie8updates
2010-06-20 18:22 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-06-20 18:15 . 2010-06-20 18:22 -------- dc-h--w- c:\windows\ie8
2010-06-19 15:18 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-06-19 15:18 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-06-19 15:14 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-06-19 14:58 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-06-19 14:51 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-06-19 14:48 . 2010-06-19 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-19 14:47 . 2010-06-19 14:52 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\NPE
2010-06-19 14:43 . 2010-06-19 14:43 -------- d-----w- c:\windows\system32\KB905474
2010-06-19 14:38 . 2010-06-21 17:43 -------- d--h--w- c:\windows\$hf_mig$
2010-06-19 14:10 . 2009-11-27 17:11 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2010-06-19 14:08 . 2010-02-16 14:08 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-06-19 14:08 . 2010-02-17 08:10 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-06-19 14:08 . 2010-02-16 13:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-06-14 19:19 . 2010-06-14 19:19 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2010-06-14 19:19 . 2010-06-14 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-05 17:20 . 2010-06-05 17:20 0 ----a-w- c:\windows\nsreg.dat
2010-06-05 17:20 . 2010-06-05 17:20 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 10:41 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2008-04-14 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-13 11:40 . 2009-08-22 15:51 1744 ----a-w- c:\windows\system32\d3d9caps.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-11-09 115560]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14/06/2010 21:30 102448]
S2 Regv Controler;Regv Controler;"c:\windows\system32\drivers\Regv.exe" --> c:\windows\system32\drivers\Regv.exe [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [29/05/2007 13:55 23888]
.
Contents of the 'Scheduled Tasks' folder

2010-06-24 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-19 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\35kmanhv.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
SafeBoot-BsScanner

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-24 21:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4028)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-06-24 21:38:35
ComboFix-quarantined-files.txt 2010-06-24 20:38
ComboFix2.txt 2010-06-19 12:20

Pre-Run: 30,122,684,416 bytes free
Post-Run: 30,148,730,880 bytes free

- - End Of File - - 6CB67C35C8BD0B4FCABCC04F8DAF8D21

Thanks for the fast reply. I'll be able to follow your orders and reply back as I have a few days off my exams.


----------



## dvk01 (Dec 14, 2002)

Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post & if you are using Internet Explorer when the "File download" pop up comes press *SAVE* and choose desktop in the list of selections in that window & press save)
*Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished*
Close any open browsers
Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply

*Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum*

This will create a zip file inside C:\QooBox\quarantine named something like [38][email protected]

at the end it will pop up an alert & open your browser and ask you to send the zip file

please follow those instructions. We need to see the zip file before we can carry on with the fix

If there is no pop up alert or open browser then

please go to http://www.thespykiller.co.uk/index.php?board=1.0 and upload these files so I can examine them and if needed distribute them to antivirus companies.
Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer. If there is more than 1 file then press the more attachments button for each extra file and browse and select etc and then when all the files are listed in the windows press send to upload the files (do not post HJT logs there as they will not get dealt with)

Files to submit:
the zip file inside C:\QooBox\quarantine created by combofix named something like [38][email protected]

If there is no zip file don't worry as the file might have already been deleted by your antivirus, in which case just post the new combofix report & tell us how it is


----------



## ninjitsuboy (Jun 13, 2010)

I've done what you instructed but I cannot find the zip file
but here is the log

ComboFix 10-06-25.04 - User 26/06/2010 12:23:27.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.617 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFWCORE
-------\Legacy_BDSPY
-------\Legacy_REGV_CONTROLER
-------\Service_Regv Controler
-------\Service_vsdatant

((((((((((((((((((((((((( Files Created from 2010-05-26 to 2010-06-26 )))))))))))))))))))))))))))))))
.

2010-06-21 17:34 . 2010-06-21 17:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-21 17:34 . 2010-06-21 17:34 -------- d-sh--w- c:\documents and settings\User\IECompatCache
2010-06-21 17:33 . 2010-06-21 17:33 -------- d-sh--w- c:\documents and settings\User\PrivacIE
2010-06-21 17:20 . 2010-06-21 17:20 -------- d-sh--w- c:\documents and settings\User\IETldCache
2010-06-20 18:23 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-06-20 18:23 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-20 18:23 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-20 18:23 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-20 18:23 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-06-20 18:23 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-06-20 18:23 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-20 18:23 . 2010-06-21 17:43 -------- d-----w- c:\windows\ie8updates
2010-06-20 18:22 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-06-20 18:15 . 2010-06-20 18:22 -------- dc-h--w- c:\windows\ie8
2010-06-19 15:18 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-06-19 15:18 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-06-19 15:14 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-06-19 14:58 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-06-19 14:51 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-06-19 14:48 . 2010-06-19 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-19 14:47 . 2010-06-19 14:52 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\NPE
2010-06-19 14:43 . 2010-06-19 14:43 -------- d-----w- c:\windows\system32\KB905474
2010-06-19 14:38 . 2010-06-21 17:43 -------- d--h--w- c:\windows\$hf_mig$
2010-06-19 14:10 . 2009-11-27 17:11 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2010-06-19 14:08 . 2010-02-16 14:08 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-06-19 14:08 . 2010-02-17 08:10 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-06-19 14:08 . 2010-02-16 13:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-06-14 19:19 . 2010-06-14 19:19 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2010-06-14 19:19 . 2010-06-14 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-05 17:20 . 2010-06-05 17:20 0 ----a-w- c:\windows\nsreg.dat
2010-06-05 17:20 . 2010-06-05 17:20 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 10:41 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2008-04-14 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-13 11:40 . 2009-08-22 15:51 1744 ----a-w- c:\windows\system32\d3d9caps.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-11-09 115560]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14/06/2010 21:30 102448]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [29/05/2007 13:55 23888]
.
Contents of the 'Scheduled Tasks' folder

2010-06-26 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-19 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\35kmanhv.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-26 12:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1816)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
.
**************************************************************************
.
Completion time: 2010-06-26 12:38:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-26 11:38
ComboFix2.txt 2010-06-24 20:38
ComboFix3.txt 2010-06-19 12:20

Pre-Run: 30,142,169,088 bytes free
Post-Run: 30,098,522,112 bytes free

- - End Of File - - C69A0FC83C5B2E22A8C784FD834B50FD

The computer seems to run much faster and now there aren't any more pop-ups from Symantec about trojans. Thank you, and I'll just stand by till I receive your reply


----------



## dvk01 (Dec 14, 2002)

How is it now?


----------



## ninjitsuboy (Jun 13, 2010)

Um, what do you mean by how is it now exactly?


----------



## dvk01 (Dec 14, 2002)

exactly what it says

If you don't know then what is the point of me trying to help you? I can't see your computer, you can!

Are you still getting error messages or virus alerts or any other weird behaviour?


----------



## ninjitsuboy (Jun 13, 2010)

Oh yeah I said in my previous post that the error messages stopped and the computer is working much faster and right now no weird behaviour sorry.

Thanks for helping me and I suppose topic solved


----------



## dvk01 (Dec 14, 2002)

*Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
* Click *START* then *RUN*
* Now type *Combofix /Uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */U*; it needs to be there.

This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop, then reboot.

Go here: http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

And scan here: http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer and update whatever it suggests.

Then pay an urgent visit to Windows Update & make sure you are fully updated; that will help to plug the security holes that let these pests on in the first place.


----------



## ninjitsuboy (Jun 13, 2010)

I try to do the scan but it says I have some problem with a java applet on my browser


----------



## dvk01 (Dec 14, 2002)

you need to install java then 
www.java.com


----------



## ninjitsuboy (Jun 13, 2010)

Yup, finished the scan and now currently downloading the updates. Thank you for your assistance, I will make sure to follow all the tips given to avoid getting any more viruses (hopefully)


----------

