How do I get rid of a rootkit? Please help, thank you



#1
Panda-in-need

I've previously got rid of a lot of viruses and malware using Malwarebytes Anti-Malware and AVG.

I did another scan and everything came back clean apart from a rootkit I found on AVG. I heal it and remove it, but it just comes back with a different name.

File name is unknown, object is hidden, and the infection is:
Service function Ntmapviewofsection hook -> 0x8551DE60

How do I unhook it / repair it? Thanks a lot in advance.

#2
Essexboy

Hi, let's see what it is first.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3
Panda-in-need

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-08 14:25:49
-----------------------------
14:25:49.156 OS Version: Windows 5.1.2600 Service Pack 2
14:25:49.156 Number of processors: 2 586 0x40A
14:25:49.171 ComputerName: SHANICELAWSON UserName: Shanice
14:25:50.015 Initialize success
14:26:31.375 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-16
14:26:31.406 Disk 0 Vendor: WDC_WD800BB-00JHC0 05.01C05 Size: 76319MB BusType: 3
14:26:33.453 Disk 0 MBR read successfully
14:26:33.453 Disk 0 MBR scan
14:26:33.468 Disk 0 unknown MBR code
14:26:35.484 Disk 0 scanning sectors +156296385
14:26:35.515 Disk 0 scanning C:\WINDOWS\system32\drivers
14:26:51.546 Service scanning
14:26:54.015 Disk 0 trace - called modules:
14:26:54.015
14:26:54.015 Scan finished successfully
14:29:58.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Shanice\Desktop\MBR.dat"
14:29:58.312 The log file has been saved successfully to "C:\Documents and Settings\Shanice\Desktop\aswMBR.txt"





OTL logfile created on: 08/05/2011 14:32:19 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Shanice\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

958.00 Mb Total Physical Memory | 134.00 Mb Available Physical Memory | 14.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 44.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.32 Gb Total Space | 13.50 Gb Free Space | 19.19% Space Free | Partition Type: NTFS

Computer Name: SHANICELAWSON | User Name: Shanice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/08 14:30:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shanice\Desktop\OTL.exe
PRC - [2011/05/01 20:05:01 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/17 06:21:58 | 002,190,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/02/11 06:25:52 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:40 | 002,707,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:32:48 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/08 05:32:46 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010/03/13 12:46:30 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/07/27 11:28:22 | 002,238,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/07/27 10:40:04 | 001,660,288 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/07/27 10:40:02 | 002,479,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/02/01 02:25:38 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/02/01 02:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/08/11 21:05:27 | 000,558,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/03/15 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/08/12 14:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/07/08 16:01:56 | 001,953,887 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe


========== Modules (SafeList) ==========

MOD - [2011/05/08 14:30:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shanice\Desktop\OTL.exe
MOD - [2008/07/27 10:40:56 | 000,357,760 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\sysfer.dll
MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011/02/08 05:33:40 | 002,707,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2010/03/13 12:46:30 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/07/27 11:28:22 | 002,238,904 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/07/27 10:40:02 | 002,479,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/06/30 05:46:26 | 000,296,328 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/02/01 02:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/02/01 02:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/08/11 21:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2007/08/11 21:05:27 | 000,558,448 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 08:58:58 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110507.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/18 08:58:58 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110507.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/30 17:17:22 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:54:00 | 000,296,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/19 04:32:56 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010/05/26 09:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/26 09:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/03/13 12:05:18 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/07/30 18:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/07/27 10:42:40 | 000,091,520 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2008/07/27 10:41:06 | 000,040,832 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2008/06/16 17:53:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/04/10 12:31:10 | 000,177,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cam1690.sys -- (CAM1690)
DRV - [2008/03/21 20:14:24 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/03/21 20:14:24 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/03/21 20:14:24 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/03/12 16:19:50 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2007/10/30 21:55:38 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/10/30 21:55:34 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/04/28 21:58:18 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/11/24 12:51:38 | 000,245,248 | RH-- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/10/26 09:08:26 | 003,786,944 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/10/13 14:53:24 | 001,379,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/09/07 13:32:58 | 000,024,960 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2005/09/07 13:29:44 | 000,044,288 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/06/18 03:48:46 | 000,019,968 | ---- | M] (WikiTek Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ss.sys -- (StreamSurge) StreamSurge Driver (miniport)
DRV - [2005/03/04 04:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/09/25 23:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Belkin\F5D9050\GTNDIS5.sys -- (GTNDIS5)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://scabozez.cn/
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://scabozez.cn/
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1805401034-1626897924-2381455240-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1805401034-1626897924-2381455240-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1805401034-1626897924-2381455240-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-1805401034-1626897924-2381455240-1006\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1805401034-1626897924-2381455240-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1805401034-1626897924-2381455240-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.6.18
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590
FF - prefs.js..keyword.URL: "http://search.avg.co...k&lng=en-US&q="

FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/01 12:20:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/05/01 12:25:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/03 20:38:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/26 18:18:23 | 000,000,000 | ---D | M]

[2010/01/25 02:14:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shanice\Application Data\Mozilla\Extensions
[2011/04/30 15:50:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shanice\Application Data\Mozilla\Firefox\Profiles\3xhs4005.default\extensions
[2011/04/26 18:19:40 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Shanice\Application Data\Mozilla\Firefox\Profiles\3xhs4005.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/04/26 18:20:21 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\Shanice\Application Data\Mozilla\Firefox\Profiles\3xhs4005.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2011/04/30 11:49:50 | 000,002,570 | ---- | M] () -- C:\Documents and Settings\Shanice\Application Data\Mozilla\Firefox\Profiles\3xhs4005.default\searchplugins\askcom.xml
[2011/04/26 18:18:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/17 19:09:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/01 12:20:22 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/05/01 12:25:00 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.103.018.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2009/12/05 14:55:30 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/01 20:04:55 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1805401034-1626897924-2381455240-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1805401034-1626897924-2381455240-1006\..\Toolbar\ShellBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1805401034-1626897924-2381455240-1006\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1805401034-1626897924-2381455240-1006\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-1805401034-1626897924-2381455240-1006..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1805401034-1626897924-2381455240-1006..\Run: [Power2GoExpress] C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe (Cyberlink)
O4 - HKU\S-1-5-21-1805401034-1626897924-2381455240-1006..\RunOnce: [Shockwave Updater] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Catalyst System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1805401034-1626897924-2381455240-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1240062517419 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zon...ot.cab57213.cab (CBreakshotControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (WIKI.DLL) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Shanice\Local Settings\Application Data\Microsoft\Wallpaper3.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/23 06:44:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: ('autocheck autochk *') - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (60812205720862720)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/08 14:30:34 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Shanice\Desktop\OTL.exe
[2011/05/08 14:24:54 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Shanice\Desktop\aswMBR.exe
[2011/05/04 17:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shanice\Application Data\Malwarebytes
[2011/05/04 17:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/04 17:43:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/04 17:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/04 17:42:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/04 17:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/03 23:15:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\AdobeTemp
[2011/05/03 21:27:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/01 14:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shanice\Local Settings\Application Data\AVG Security Toolbar
[2011/05/01 14:34:01 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/05/01 12:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shanice\Application Data\AVG10
[2011/05/01 12:28:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/01 12:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/05/01 12:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/05/01 11:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/05/01 11:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/05/01 11:44:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/05/01 10:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/04/30 12:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/30 12:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/30 09:53:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shanice\Local Settings\Application Data\AskToolbar
[2011/04/29 19:50:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/29 19:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2003/04/11 15:45:58 | 000,018,804 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ACTDisk.sys
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/08 14:30:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shanice\Desktop\OTL.exe
[2011/05/08 14:29:58 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Shanice\Desktop\MBR.dat
[2011/05/08 14:25:07 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Shanice\Desktop\aswMBR.exe
[2011/05/08 13:48:49 | 114,524,396 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/05 20:33:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/05 18:00:51 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/05 17:58:11 | 000,000,328 | -HS- | M] () -- C:\WINDOWS\tasks\Frkqd.job
[2011/05/05 17:58:11 | 000,000,320 | -HS- | M] () -- C:\WINDOWS\tasks\pusomjwam.job
[2011/05/05 17:58:11 | 000,000,302 | -HS- | M] () -- C:\WINDOWS\tasks\Prxlnnr.job
[2011/05/05 17:57:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/05 09:15:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/04 17:43:09 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/02 20:45:46 | 000,652,203 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/05/01 12:22:16 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/04/30 12:43:18 | 000,429,598 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/30 12:43:18 | 000,074,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/26 18:18:29 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Shanice\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/26 18:18:29 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/14 22:13:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/08 14:29:58 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Shanice\Desktop\MBR.dat
[2011/05/08 13:48:49 | 114,524,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/04 17:43:09 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/02 20:45:46 | 000,652,203 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/05/01 18:40:52 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/01 12:22:16 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/04/29 19:29:12 | 000,000,328 | -HS- | C] () -- C:\WINDOWS\tasks\Frkqd.job
[2011/04/29 19:29:12 | 000,000,320 | -HS- | C] () -- C:\WINDOWS\tasks\pusomjwam.job
[2011/04/29 19:29:12 | 000,000,302 | -HS- | C] () -- C:\WINDOWS\tasks\Prxlnnr.job
[2011/04/26 18:18:28 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2010/12/26 13:14:33 | 000,000,020 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/12/26 13:14:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2009/10/09 22:53:46 | 000,065,384 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/06 19:35:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/06/19 12:32:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/03/01 22:07:50 | 000,025,173 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2008/08/20 15:43:48 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2008/08/20 15:43:47 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2008/08/20 15:43:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2008/04/10 12:31:10 | 000,177,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\cam1690.sys
[2008/03/25 09:05:35 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/10/08 11:12:14 | 000,130,965 | ---- | C] () -- C:\WINDOWS\cam1690.ini
[2007/10/08 11:12:02 | 000,065,527 | ---- | C] () -- C:\WINDOWS\cam1690b.ini
[2007/09/19 23:41:16 | 000,065,217 | ---- | C] () -- C:\WINDOWS\cam1690a.ini
[2007/09/19 22:11:52 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\cam1690.dll
[2007/08/29 16:40:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\cam1690m.dll
[2007/06/10 20:32:36 | 000,120,832 | ---- | C] () -- C:\Documents and Settings\Shanice\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/23 17:34:42 | 001,597,440 | ---- | C] () -- C:\WINDOWS\stic1690.exe
[2007/03/12 20:45:25 | 000,000,092 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2007/03/12 20:45:24 | 000,000,395 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/03/12 20:45:09 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2007/03/12 20:45:08 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\LEXPING.EXE
[2007/03/12 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[2007/03/12 20:44:52 | 000,000,270 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.ini
[2007/02/03 18:29:27 | 000,000,010 | -H-- | C] () -- C:\WINDOWS\popcinfo.dat
[2007/01/23 23:11:54 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2007/01/05 18:59:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\F5D9050.dll
[2007/01/02 22:40:33 | 000,031,538 | ---- | C] () -- C:\Documents and Settings\Shanice\Application Data\wklnhst.dat
[2007/01/02 22:19:09 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\UpdateDriver.exe
[2007/01/02 22:19:09 | 000,000,525 | ---- | C] () -- C:\WINDOWS\System32\ucuiinfo.ini
[2007/01/02 22:16:24 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Shanice\Local Settings\Application Data\fusioncache.dat
[2006/08/23 08:22:07 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/08/23 06:48:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/08/23 06:40:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/08/23 06:25:46 | 000,001,458 | R--- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/08/23 06:24:19 | 000,429,598 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/08/23 06:24:19 | 000,074,686 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/08/22 23:33:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/22 23:33:02 | 002,189,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/22 23:09:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/02 00:39:43 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005/09/02 00:39:24 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/09/02 00:39:24 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/09/02 00:39:00 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/01/02 06:57:50 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2005/01/02 06:18:33 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/01/02 06:18:32 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2005/01/02 06:17:53 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/01/02 06:17:53 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/01/02 06:17:42 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/02 06:17:27 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/01/02 06:17:08 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/01/02 06:15:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/01/02 06:15:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/01/02 06:13:15 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2005/01/02 06:12:35 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/01/02 06:11:12 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2005/01/01 23:18:59 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/01/01 23:18:35 | 000,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/01/01 23:18:27 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2005/01/01 23:16:35 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2005/01/01 23:16:31 | 000,104,376 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

========== LOP Check ==========

[2006/08/23 07:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2011/05/01 12:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/05/05 18:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2007/03/12 20:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/05/01 12:28:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/03/01 13:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2011/05/01 12:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/08/23 12:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2008/01/03 22:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2010/12/26 13:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2009/03/01 15:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/31 18:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/01 21:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/17 19:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/08/23 07:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2006/08/23 07:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\SampleView
[2011/05/01 12:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shanice\Application Data\AVG10
[2009/09/29 19:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shanice\Application Data\com.adobe.ExMan
[2007/04/13 17:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shanice\Application Data\DriveCleaner Free
[2009/03/01 13:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shanice\Application Data\Flood Light Games
[2010/03/06 14:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shanice\Application Data\GetRightToGo
[2007/12/09 18:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shanice\Application Data\MSNInstaller
[2007/04/13 17:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shanice\Application Data\ParetoLogic
[2006/08/23 07:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shanice\Application Data\SampleView
[2007/01/05 18:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shanice\Application Data\Template
[2008/02/23 18:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shanice\Application Data\Windows Live Writer
[2011/05/05 17:58:11 | 000,000,328 | -HS- | M] () -- C:\WINDOWS\Tasks\Frkqd.job
[2011/05/05 18:00:51 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/05/05 17:58:11 | 000,000,302 | -HS- | M] () -- C:\WINDOWS\Tasks\Prxlnnr.job
[2011/05/05 17:58:11 | 000,000,320 | -HS- | M] () -- C:\WINDOWS\Tasks\pusomjwam.job

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.exe >
[2001/05/24 13:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE


< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
[2007/06/13 12:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2006/03/15 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2006/03/15 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
[2006/03/15 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
[2006/03/15 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2006/03/15 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/03/15 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2006/03/15 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/03/15 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2006/03/15 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/01 20:05:13 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/01 20:05:13 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/01 20:05:13 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/05/01 20:05:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/01 20:05:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/01 20:05:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2006/03/15 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2006/03/15 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2006/03/15 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2006/03/15 13:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/01 20:05:13 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/01 20:05:13 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/01 20:05:13 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/05/01 20:05:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/01 20:05:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/01 20:05:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2006/03/15 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2006/03/15 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2006/03/15 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2006/03/15 13:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25DB76AE
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA85869
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B623B5B8
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45FE2B4E
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05113FB9

< End of report >

OTL Extras logfile created on: 08/05/2011 14:32:19 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Shanice\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

958.00 Mb Total Physical Memory | 134.00 Mb Available Physical Memory | 14.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 44.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.32 Gb Total Space | 13.50 Gb Free Space | 19.19% Space Free | Partition Type: NTFS

Computer Name: SHANICELAWSON | User Name: Shanice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1805401034-1626897924-2381455240-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
jsfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Age Of Empires II\empires2.exe" = D:\Age Of Empires II\empires2.exe:*:Enabled:Age of Empires II
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgam.exe" = C:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:AVG Alert manager -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0D2933DA-D59D-48C7-ACB6-30E5C06C19F3}" = Dynamic Learning - OCR Media Studies for AS (Home Standalone)
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{263B29DD-8973-4E3C-BAEE-C7C95C7E7B41}" = Dynamic Learning (Home Standalone Edition)
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 23
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{452E2DC2-9391-470C-AAB2-D91750A6B891}" = ATI Catalyst Control Center
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7585478E9D9B42108671C12F8714CEFE}" = DivX Converter
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{8527C3D5-BA1D-46E9-88D2-AF25544311A3}" = JPEG Camera v1.1.3.4
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9922FE96-6803-498D-A6AD-4EB5A3B956A5}" = Belkin Wireless G Plus MIMO USB Network Adapter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A64FF1D4-9CBC-467C-8D11-C1AFAA0B8AFF}" = AVG 2011
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BB0500E8-A6D5-4D66-A4F9-1457530E5B6F}" = Symantec Endpoint Protection
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EA470D3B-058E-4772-B020-3C8C1F652A2E}" = MP3 Player
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2011
"Lexmark 1200 Series" = Lexmark 1200 Series
"LIPSP2QFE" = Windows XP SP2 LIP update
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Toolbar" = MSN Toolbar
"MSNINST" = MSN
"OcaHistoryUpd" = OCA Client history tool install
"PROR" = Microsoft Office Professional 2007 Trial
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 08/05/2011 09:14:38 | Computer Name = SHANICELAWSON | Source = ESENT | ID = 454
Description = wuauclt (6228) Database recovery/restore failed with unexpected error
-551.

Error - 08/05/2011 09:14:38 | Computer Name = SHANICELAWSON | Source = ESENT | ID = 454
Description = wuauclt (6408) Database recovery/restore failed with unexpected error
-551.

Error - 08/05/2011 09:14:39 | Computer Name = SHANICELAWSON | Source = ESENT | ID = 454
Description = wuauclt (5652) Database recovery/restore failed with unexpected error
-551.

Error - 08/05/2011 09:14:40 | Computer Name = SHANICELAWSON | Source = ESENT | ID = 454
Description = wuauclt (6616) Database recovery/restore failed with unexpected error
-551.

Error - 08/05/2011 09:44:44 | Computer Name = SHANICELAWSON | Source = ESENT | ID = 454
Description = wuauclt (6656) Database recovery/restore failed with unexpected error
-551.

Error - 08/05/2011 09:44:46 | Computer Name = SHANICELAWSON | Source = ESENT | ID = 454
Description = wuauclt (4184) Database recovery/restore failed with unexpected error
-551.

Error - 08/05/2011 09:44:48 | Computer Name = SHANICELAWSON | Source = ESENT | ID = 454
Description = wuauclt (7128) Database recovery/restore failed with unexpected error
-551.

Error - 08/05/2011 09:44:49 | Computer Name = SHANICELAWSON | Source = ESENT | ID = 454
Description = wuauclt (7896) Database recovery/restore failed with unexpected error
-551.

Error - 08/05/2011 09:44:51 | Computer Name = SHANICELAWSON | Source = ESENT | ID = 454
Description = wuauclt (6580) Database recovery/restore failed with unexpected error
-551.

Error - 08/05/2011 09:44:52 | Computer Name = SHANICELAWSON | Source = ESENT | ID = 454
Description = wuauclt (7964) Database recovery/restore failed with unexpected error
-551.

[ System Events ]
Error - 06/05/2011 02:51:13 | Computer Name = SHANICELAWSON | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00173F630776. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 06/05/2011 07:17:03 | Computer Name = SHANICELAWSON | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.

Error - 06/05/2011 08:53:37 | Computer Name = SHANICELAWSON | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.4 on
the Network Card with network address 00173F630776.

Error - 06/05/2011 08:55:16 | Computer Name = SHANICELAWSON | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00173F630776. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 06/05/2011 13:36:22 | Computer Name = SHANICELAWSON | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.4 on
the Network Card with network address 00173F630776.

Error - 07/05/2011 05:58:53 | Computer Name = SHANICELAWSON | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Symantec Core LC service.

Error - 07/05/2011 09:31:12 | Computer Name = SHANICELAWSON | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Symantec Core LC service.

Error - 07/05/2011 09:31:26 | Computer Name = SHANICELAWSON | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 08/05/2011 05:48:28 | Computer Name = SHANICELAWSON | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 08/05/2011 06:01:02 | Computer Name = SHANICELAWSON | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00173F630776. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.


< End of report >
  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, I see you have both Norton and AVG - this is the one time where two is not better than one :) So I would recommend that one be uninstalled. Which do you want to keep?

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time.

There are basically two types of these programs:
On-Access and On-Demand

On-Access Scanners
As the name implies, these are scanners that run in the background all the time the PC is turned on and running. The main function of an On-Access scanner is to monitor activity on your machine.

On-Demand Scanners
As the name implies, these are scanners that only run when you ask them to, such as online scans and scanners that are installed on your machine but are not actively scanning it.


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKU\S-1-5-21-1805401034-1626897924-2381455240-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O20 - AppInit_DLLs: (WIKI.DLL) - File not found
    [2011/05/05 17:58:11 | 000,000,328 | -HS- | M] () -- C:\WINDOWS\tasks\Frkqd.job
    [2011/05/05 17:58:11 | 000,000,320 | -HS- | M] () -- C:\WINDOWS\tasks\pusomjwam.job
    [2011/05/05 17:58:11 | 000,000,302 | -HS- | M] () -- C:\WINDOWS\tasks\Prxlnnr.job

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
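An added example (not part of the original posts and not OTL's own code): a small triage pass over OTL log lines that surfaces the two kinds of entry the fix script above lists, namely hidden+system `.job` files in a tasks folder with no company name, and registry entries whose target is missing. The sample lines are copied from this thread; the heuristics and every function name are assumptions made for illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Sample input: lines copied from the OTL fix script and logs in this thread.
SAMPLE_LOG = r"""
[2011/05/05 17:58:11 | 000,000,328 | -HS- | M] () -- C:\WINDOWS\tasks\Frkqd.job
[2011/05/05 17:58:11 | 000,000,320 | -HS- | M] () -- C:\WINDOWS\tasks\pusomjwam.job
[2011/05/05 17:58:11 | 000,000,302 | -HS- | M] () -- C:\WINDOWS\tasks\Prxlnnr.job
[2011/05/08 14:30:34 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Shanice\Desktop\OTL.exe
[2011/05/08 16:31:26 | 000,000,000 | ---D | C] -- C:\_OTL
O20 - AppInit_DLLs: (WIKI.DLL) - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
"""

# File listing line: [date time | size | attrs | M or C] (company) -- path
# The "(company) " part is absent for directories and empty "()" for unsigned files.
FILE_LINE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)

# "O<n> - ..." registry line whose target no longer resolves.
ORPHAN_LINE = re.compile(r"^O\d+ - .*(?:File not found|No CLSID value found\.?)$")


@dataclass
class Finding:
    kind: str        # "hidden-task" or "orphan"
    item: str        # file path, or the full registry line
    stamp: str = ""  # modification/creation time for file findings


def triage(log_text):
    """Return findings in log order. These are leads for a human reviewer,
    not verdicts: orphaned entries are often leftovers of uninstalled software."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            path = PureWindowsPath(m["path"])
            attrs = m["attrs"]
            company = (m["company"] or "").strip()
            is_task = path.parent.name.lower() == "tasks" and path.suffix.lower() == ".job"
            # Assumed heuristic: scheduled-task file that is both Hidden and
            # System and carries no company name.
            if is_task and "H" in attrs and "S" in attrs and not company:
                findings.append(Finding("hidden-task", m["path"], m["stamp"]))
            continue
        if ORPHAN_LINE.match(line):
            findings.append(Finding("orphan", line))
    return findings


def same_second_clusters(findings):
    """Group hidden-task findings that share a timestamp to the second;
    several task files written in the same second suggest one dropper run."""
    groups = defaultdict(list)
    for f in findings:
        if f.kind == "hidden-task":
            groups[f.stamp].append(f.item)
    return {stamp: paths for stamp, paths in groups.items() if len(paths) >= 2}


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.kind:12} {f.stamp:20} {f.item}")
    for stamp, paths in same_second_clusters(results).items():
        print(f"cluster at {stamp}: {len(paths)} task files")
```
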

#5
Panda-in-need

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I would like to uninstall AVG. Should I just do that through the Control Panel?
  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, do it through the Add/Remove panel and then download and run the AVG removal tool.
  • 0

#7
Panda-in-need

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
While running the scan the first time, I kept getting the message:

The file or directory c:\documents and setting\shanice\LOCALS~1\Temp\plugtmp-100 is corrupt and unreadable. Please run Chkdsk utility
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is that during the OTL fix or scan?
  • 0

#9
Panda-in-need

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Fix
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, we will run a check disk later to see if there is a problem there.

Meanwhile, do you still have the redirects?

Please download Malwarebytes' Anti-Malware from Here.

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#11
Panda-in-need

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
The log from the quick scan you told me to do. Sorry, but what are redirects?



OTL logfile created on: 08/05/2011 16:59:04 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Shanice\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

958.00 Mb Total Physical Memory | 390.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.32 Gb Total Space | 31.72 Gb Free Space | 45.11% Space Free | Partition Type: NTFS

Computer Name: SHANICELAWSON | User Name: Shanice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/08 14:30:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shanice\Desktop\OTL.exe
PRC - [2010/03/13 12:46:30 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/07/27 11:28:22 | 002,238,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/07/27 10:40:04 | 001,660,288 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/07/27 10:40:02 | 002,479,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/02/01 02:25:38 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/02/01 02:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/08/11 21:05:27 | 000,558,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/03/15 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/08/12 14:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/07/08 16:01:56 | 001,953,887 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
PRC - [2004/12/14 04:44:06 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe


========== Modules (SafeList) ==========

MOD - [2011/05/08 14:30:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shanice\Desktop\OTL.exe
MOD - [2008/07/27 10:40:56 | 000,357,760 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\sysfer.dll
MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/03/13 12:46:30 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/07/27 11:28:22 | 002,238,904 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/07/27 10:40:02 | 002,479,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/06/30 05:46:26 | 000,296,328 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/02/01 02:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/02/01 02:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/08/11 21:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2007/08/11 21:05:27 | 000,558,448 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 08:58:58 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110507.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/18 08:58:58 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110507.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2010/05/26 09:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/26 09:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/03/13 12:05:18 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/07/30 18:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/07/27 10:42:40 | 000,091,520 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2008/07/27 10:41:06 | 000,040,832 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2008/06/16 17:53:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/04/10 12:31:10 | 000,177,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cam1690.sys -- (CAM1690)
DRV - [2008/03/21 20:14:24 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/03/21 20:14:24 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/03/21 20:14:24 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/03/12 16:19:50 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2007/10/30 21:55:38 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/10/30 21:55:34 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/04/28 21:58:18 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/11/24 12:51:38 | 000,245,248 | RH-- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/10/26 09:08:26 | 003,786,944 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/10/13 14:53:24 | 001,379,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/09/07 13:32:58 | 000,024,960 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2005/09/07 13:29:44 | 000,044,288 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/06/18 03:48:46 | 000,019,968 | ---- | M] (WikiTek Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ss.sys -- (StreamSurge) StreamSurge Driver (miniport)
DRV - [2005/03/04 04:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/09/25 23:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Belkin\F5D9050\GTNDIS5.sys -- (GTNDIS5)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.6.18
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590
FF - prefs.js..keyword.URL: "http://search.avg.co...k&lng=en-US&q="

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/03 20:38:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/26 18:18:23 | 000,000,000 | ---D | M]

[2010/01/25 02:14:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shanice\Application Data\Mozilla\Extensions
[2011/04/30 15:50:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shanice\Application Data\Mozilla\Firefox\Profiles\3xhs4005.default\extensions
[2011/04/26 18:19:40 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Shanice\Application Data\Mozilla\Firefox\Profiles\3xhs4005.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/04/26 18:20:21 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\Shanice\Application Data\Mozilla\Firefox\Profiles\3xhs4005.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2011/04/30 11:49:50 | 000,002,570 | ---- | M] () -- C:\Documents and Settings\Shanice\Application Data\Mozilla\Firefox\Profiles\3xhs4005.default\searchplugins\askcom.xml
[2011/04/26 18:18:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/17 19:09:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2009/12/05 14:55:30 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/01 20:04:55 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/08 16:31:38 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Power2GoExpress] C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe (Cyberlink)
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Catalyst System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1240062517419 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zon...ot.cab57213.cab (CBreakshotControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Shanice\Local Settings\Application Data\Microsoft\Wallpaper3.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/23 06:44:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: ('autocheck autochk *') - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/08 16:31:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/08 16:00:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/08 14:30:34 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Shanice\Desktop\OTL.exe
[2011/05/08 14:24:54 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Shanice\Desktop\aswMBR.exe
[2011/05/04 17:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shanice\Application Data\Malwarebytes
[2011/05/04 17:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/04 17:43:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/04 17:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/04 17:42:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/04 17:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/03 23:15:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\AdobeTemp
[2011/05/01 12:28:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/01 11:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/05/01 10:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/04/30 12:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/30 12:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/30 09:53:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shanice\Local Settings\Application Data\AskToolbar
[2011/04/29 19:50:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/29 19:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2003/04/11 15:45:58 | 000,018,804 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ACTDisk.sys

========== Files - Modified Within 30 Days ==========

[2011/05/08 16:57:45 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/08 16:56:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/08 16:54:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/08 16:31:38 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/08 14:30:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shanice\Desktop\OTL.exe
[2011/05/08 14:29:58 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Shanice\Desktop\MBR.dat
[2011/05/08 14:25:07 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Shanice\Desktop\aswMBR.exe
[2011/05/05 20:33:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/04 17:43:09 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/30 12:43:18 | 000,429,598 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/30 12:43:18 | 000,074,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/26 18:18:29 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Shanice\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/26 18:18:29 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/14 22:13:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

========== Files Created - No Company Name ==========

[2011/05/08 14:29:58 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Shanice\Desktop\MBR.dat
[2011/05/04 17:43:09 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/01 18:40:52 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/26 18:18:28 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2010/12/26 13:14:33 | 000,000,020 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/12/26 13:14:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2009/10/09 22:53:46 | 000,065,384 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/06 19:35:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/06/19 12:32:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/03/01 22:07:50 | 000,025,173 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2008/08/20 15:43:48 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2008/08/20 15:43:47 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2008/08/20 15:43:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2008/04/10 12:31:10 | 000,177,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\cam1690.sys
[2008/03/25 09:05:35 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/10/08 11:12:14 | 000,130,965 | ---- | C] () -- C:\WINDOWS\cam1690.ini
[2007/10/08 11:12:02 | 000,065,527 | ---- | C] () -- C:\WINDOWS\cam1690b.ini
[2007/09/19 23:41:16 | 000,065,217 | ---- | C] () -- C:\WINDOWS\cam1690a.ini
[2007/09/19 22:11:52 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\cam1690.dll
[2007/08/29 16:40:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\cam1690m.dll
[2007/06/10 20:32:36 | 000,120,832 | ---- | C] () -- C:\Documents and Settings\Shanice\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/23 17:34:42 | 001,597,440 | ---- | C] () -- C:\WINDOWS\stic1690.exe
[2007/03/12 20:45:25 | 000,000,092 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2007/03/12 20:45:24 | 000,000,395 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/03/12 20:45:09 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2007/03/12 20:45:08 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\LEXPING.EXE
[2007/03/12 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[2007/03/12 20:44:52 | 000,000,270 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.ini
[2007/02/03 18:29:27 | 000,000,010 | -H-- | C] () -- C:\WINDOWS\popcinfo.dat
[2007/01/23 23:11:54 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2007/01/05 18:59:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\F5D9050.dll
[2007/01/02 22:40:33 | 000,031,538 | ---- | C] () -- C:\Documents and Settings\Shanice\Application Data\wklnhst.dat
[2007/01/02 22:19:09 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\UpdateDriver.exe
[2007/01/02 22:19:09 | 000,000,525 | ---- | C] () -- C:\WINDOWS\System32\ucuiinfo.ini
[2007/01/02 22:16:24 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Shanice\Local Settings\Application Data\fusioncache.dat
[2006/08/23 08:22:07 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/08/23 06:48:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/08/23 06:40:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/08/23 06:25:46 | 000,001,458 | R--- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/08/23 06:24:19 | 000,429,598 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/08/23 06:24:19 | 000,074,686 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/08/22 23:33:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/22 23:33:02 | 002,189,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/22 23:09:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/02 00:39:43 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005/09/02 00:39:24 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/09/02 00:39:24 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/09/02 00:39:00 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/01/02 06:57:50 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2005/01/02 06:18:33 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/01/02 06:18:32 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2005/01/02 06:17:53 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/01/02 06:17:53 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/01/02 06:17:42 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/02 06:17:27 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/01/02 06:17:08 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/01/02 06:15:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/01/02 06:15:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/01/02 06:13:15 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2005/01/02 06:12:35 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/01/02 06:11:12 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2005/01/01 23:18:59 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/01/01 23:18:35 | 000,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/01/01 23:18:27 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2005/01/01 23:16:35 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2005/01/01 23:16:31 | 000,104,376 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

========== LOP Check ==========

[2011/05/08 16:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2007/03/12 20:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/05/01 12:28:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/03/01 13:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2011/05/08 16:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/08/23 12:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2008/01/03 22:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2010/12/26 13:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2009/03/01 15:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/31 18:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/01 21:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/17 19:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/09/29 19:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shanice\Application Data\com.adobe.ExMan
[2007/04/13 17:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shanice\Application Data\DriveCleaner Free
[2009/03/01 13:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shanice\Application Data\Flood Light Games
[2010/03/06 14:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shanice\Application Data\GetRightToGo
[2007/12/09 18:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shanice\Application Data\MSNInstaller
[2007/04/13 17:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shanice\Application Data\ParetoLogic
[2006/08/23 07:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shanice\Application Data\SampleView
[2007/01/05 18:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shanice\Application Data\Template
[2008/02/23 18:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shanice\Application Data\Windows Live Writer
[2011/05/08 16:57:45 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25DB76AE
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA85869
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B623B5B8
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45FE2B4E
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05113FB9

< End of report >

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My apologies, I meant the rootkit alerts :)

My thoughts were that AVG was detecting an element of Norton and that was what it was alerting on.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
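The question raised in the post above (do the reported hooks belong to an installed security product?) can be checked line by line once the GMER log is available. The following is an added example, not part of the original thread and not GMER's own code: it parses `SSDT` lines and user-mode `.text ... JMP` lines in the format of the log posted later in this thread, and separates hooks that GMER attributes to a named module from SSDT entries that point at an address with no owning module. The function names are my own, and the sample lines are a subset copied from that log.

```python
import re
from collections import defaultdict

# Subset of lines copied from the GMER log posted later in this thread.
SAMPLE_LOG = r"""
SSDT 85550E30 ZwMapViewOfSection
SSDT 8555CED0 ZwOpenEvent
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwProtectVirtualMemory [0xF76852F0]
SSDT SysPlant.sys (Symantec CMC Firewall SysPlant/Symantec Corporation) ZwQueryDefaultLocale [0xF7208880]
.text C:\WINDOWS\eHome\ehSched.exe[172] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 6177A3B0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehSched.exe[172] ntdll.dll!NtOpenKey + 5 7C90DD41 1 Byte [E9]
.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 6177A3B0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 6177A4D2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
"""

# "SSDT <8 hex digits> <function>": the entry points at an address, no module named.
SSDT_BARE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<func>\w+)$")
# "SSDT <module> (<description>/<company>) <function> [0x<address>]"
SSDT_OWNED = re.compile(
    r"^SSDT\s+(?P<module>.+?)\s+\((?P<desc>.+)\)\s+(?P<func>\w+)"
    r"\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]$")
# ".text <process>[<pid>] <dll>!<function> + <off> <va> <n> Bytes JMP <dest> <module> (<desc>)"
INLINE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<target>\S+!\w+)\s+\+\s+"
    r"[0-9A-Fa-f]+\s+[0-9A-Fa-f]{8}\s+\d+\s+Bytes?\s+JMP\s+"
    r"(?P<dest>[0-9A-Fa-f]{8})\s+(?P<module>.+?)\s+\((?P<desc>.+)\)$")


def company(desc):
    """Company part of the "(description/company)" text GMER prints.

    This is descriptive text reported with the module, not proof of origin;
    the file on disk still has to be verified separately.
    """
    return desc.rpartition("/")[2].strip()


def triage(log_text):
    """Sort GMER hook lines into owned, unowned and unparsed buckets."""
    report = {
        "ssdt_owned": [],                 # (function, module, company)
        "ssdt_unowned": [],               # (function, address)
        "inline": defaultdict(lambda: defaultdict(set)),  # module -> function -> {dest}
        "pids": defaultdict(set),         # module -> {pid of each hooked process}
        "unparsed": [],                   # lines this example does not interpret
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue
        m = SSDT_BARE.match(line)
        if m:
            report["ssdt_unowned"].append((m["func"], m["addr"]))
            continue
        m = SSDT_OWNED.match(line)
        if m:
            report["ssdt_owned"].append((m["func"], m["module"], company(m["desc"])))
            continue
        m = INLINE.match(line)
        if m:
            report["inline"][m["module"]][m["target"]].add(m["dest"])
            report["pids"][m["module"]].add(int(m["pid"]))
            continue
        report["unparsed"].append(line)
    return report


def inconsistent_destinations(report):
    """Hooked functions whose JMP target differs from process to process."""
    return sorted(
        (module, func, sorted(dests))
        for module, funcs in report["inline"].items()
        for func, dests in funcs.items()
        if len(dests) > 1)


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("SSDT entries with no owning module (need further review):")
    for func, addr in r["ssdt_unowned"]:
        print(f"  {func} -> 0x{addr}")
    print("SSDT entries attributed to a module:")
    for func, module, vendor in r["ssdt_owned"]:
        print(f"  {func} -> {module} [{vendor}]")
    for module, funcs in r["inline"].items():
        print(f"User-mode hooks into {module}: {len(funcs)} function(s), "
              f"{len(r['pids'][module])} process(es)")
    print("Inconsistent JMP targets:", inconsistent_destinations(r) or "none")
```

An entry in the "no owning module" bucket is not a verdict either way; it only marks the lines that the module name alone cannot explain.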

#13
Panda-in-need

    Member

  • Topic Starter
  • Member
  • 16 posts
While running the GMER scan I got the same message as before: "corrupt file ... Please run Chkdsk utility". GMER is still running and I will put the log up when it's finished, but I just wanted to say thank you very much for all the help so far :)

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, we will run the check disk once I have had a look at the GMER log.

#15
Panda-in-need

    Member

  • Topic Starter
  • Member
  • 16 posts
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-08 22:15:06
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-16 WDC_WD800BB-00JHC0 rev.05.01C05
Running: gmer.exe; Driver: C:\DOCUME~1\Shanice\LOCALS~1\Temp\awlyruow.sys


---- System - GMER 1.0.15 ----

SSDT 855785E8 ZwAlertResumeThread
SSDT 8558F368 ZwAlertThread
SSDT 857F9728 ZwAllocateVirtualMemory
SSDT 85556150 ZwConnectPort
SSDT 85583660 ZwCreateMutant
SSDT 85552720 ZwCreateThread
SSDT 855742D0 ZwFreeVirtualMemory
SSDT 855763F0 ZwImpersonateAnonymousToken
SSDT 8609D4B0 ZwImpersonateThread
SSDT 85550E30 ZwMapViewOfSection
SSDT 8555CED0 ZwOpenEvent
SSDT 855B0568 ZwOpenProcessToken
SSDT 855541A0 ZwOpenThreadToken
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwProtectVirtualMemory [0xF76852F0]
SSDT SysPlant.sys (Symantec CMC Firewall SysPlant/Symantec Corporation) ZwQueryDefaultLocale [0xF7208880]
SSDT 85A69818 ZwResumeThread
SSDT 855C5A88 ZwSetContextThread
SSDT 85550578 ZwSetInformationProcess
SSDT 85553640 ZwSetInformationThread
SSDT 855787A8 ZwSuspendProcess
SSDT 855C5CD0 ZwSuspendThread
SSDT 855D1E08 ZwTerminateProcess
SSDT 855C58C0 ZwTerminateThread
SSDT 855C7BF8 ZwUnmapViewOfSection
SSDT 85553208 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2BEC 80504458 8 Bytes CALL E8D59BE2
.text ntkrnlpa.exe!ZwCallbackReturn + 2FC0 8050482C 2 Bytes [08, 1E] {OR [ESI], BL}
.text ntkrnlpa.exe!ZwCallbackReturn + 2FC3 8050482F 5 Bytes [85, C0, 58, 5C, 85]
.text ntkrnlpa.exe!KeReleaseInStackQueuedSpinLockFromDpcLevel + B5D 805413E5 5 Bytes JMP F7209C80 SysPlant.sys (Symantec CMC Firewall SysPlant/Symantec Corporation)
.text ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes [E9, 24, CD, E6, E4] {JMP 0xffffffffe4e6cd29}
.text ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes [E9, 0A, CD, E6, E4] {JMP 0xffffffffe4e6cd0f}
.text ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes [E9, 48, CC, E6, E4] {JMP 0xffffffffe4e6cc4d}
.text ntdll.dll!NtDeleteFile + 5 7C90D894 5 Bytes [E9, C5, CB, E6, E4] {JMP 0xffffffffe4e6cbca}
.text ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes [E9, C0, CB, E6, E4] {JMP 0xffffffffe4e6cbc5}
.text ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes [E9, 73, C8, E6, E4] {JMP 0xffffffffe4e6c878}
.text ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes [E9, 05, C8, E6, E4] {JMP 0xffffffffe4e6c80a}
.text ntdll.dll!NtOpenKey + 5 7C90DD41 1 Byte [E9]
.text ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes [E9, 00, C8, E6, E4] {JMP 0xffffffffe4e6c805}
.text ntdll.dll!NtRenameKey + 5 7C90E33E 5 Bytes [E9, 3D, C2, E6, E4] {JMP 0xffffffffe4e6c242}
.text ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes [E9, D7, BF, E6, E4] {JMP 0xffffffffe4e6bfdc}
.text ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes [E9, 2E, BE, E6, E4] {JMP 0xffffffffe4e6be33}
.text ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes [E9, 96, BD, E6, E4] {JMP 0xffffffffe4e6bd9b}

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[132] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 6177A3B0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[132] ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes JMP 6177A3EA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[132] ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes JMP 6177A424 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[132] ntdll.dll!NtDeleteFile + 5 7C90D894 5 Bytes JMP 6177A45E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[132] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes JMP 6177A498 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[132] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 6177A4D2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[132] ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes JMP 6177A50C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[132] ntdll.dll!NtOpenKey + 5 7C90DD41 1 Byte [E9]
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[132] ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes JMP 6177A546 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[132] ntdll.dll!NtRenameKey + 5 7C90E33E 5 Bytes JMP 6177A580 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[132] ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes JMP 6177A5BA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[132] ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes JMP 6177A5F4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[132] ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes JMP 6177A62E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehSched.exe[172] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 6177A3B0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehSched.exe[172] ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes JMP 6177A3EA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehSched.exe[172] ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes JMP 6177A424 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehSched.exe[172] ntdll.dll!NtDeleteFile + 5 7C90D894 5 Bytes JMP 6177A45E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehSched.exe[172] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes JMP 6177A498 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehSched.exe[172] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 6177A4D2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehSched.exe[172] ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes JMP 6177A50C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehSched.exe[172] ntdll.dll!NtOpenKey + 5 7C90DD41 1 Byte [E9]
.text C:\WINDOWS\eHome\ehSched.exe[172] ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes JMP 6177A546 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehSched.exe[172] ntdll.dll!NtRenameKey + 5 7C90E33E 5 Bytes JMP 6177A580 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehSched.exe[172] ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes JMP 6177A5BA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehSched.exe[172] ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes JMP 6177A5F4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehSched.exe[172] ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes JMP 6177A62E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\LEXBCES.EXE[256] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 6177A3B0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\LEXBCES.EXE[256] ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes JMP 6177A3EA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\LEXBCES.EXE[256] ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes JMP 6177A424 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\LEXBCES.EXE[256] ntdll.dll!NtDeleteFile + 5 7C90D894 5 Bytes JMP 6177A45E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\LEXBCES.EXE[256] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes JMP 6177A498 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\LEXBCES.EXE[256] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 6177A4D2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\LEXBCES.EXE[256] ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes JMP 6177A50C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\LEXBCES.EXE[256] ntdll.dll!NtOpenKey + 5 7C90DD41 1 Byte [E9]
.text C:\WINDOWS\system32\LEXBCES.EXE[256] ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes JMP 6177A546 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\LEXBCES.EXE[256] ntdll.dll!NtRenameKey + 5 7C90E33E 5 Bytes JMP 6177A580 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\LEXBCES.EXE[256] ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes JMP 6177A5BA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\LEXBCES.EXE[256] ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes JMP 6177A5F4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\LEXBCES.EXE[256] ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes JMP 6177A62E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\LEXPPS.EXE[296] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 6177A3B0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\LEXPPS.EXE[296] ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes JMP 6177A3EA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\LEXPPS.EXE[296] ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes JMP 6177A424 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\LEXPPS.EXE[296] ntdll.dll!NtDeleteFile + 5 7C90D894 5 Bytes JMP 6177A45E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\LEXPPS.EXE[296] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes JMP 6177A498 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\LEXPPS.EXE[296] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 6177A4D2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\LEXPPS.EXE[296] ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes JMP 6177A50C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\LEXPPS.EXE[296] ntdll.dll!NtOpenKey + 5 7C90DD41 1 Byte [E9]
.text C:\WINDOWS\system32\LEXPPS.EXE[296] ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes JMP 6177A546 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\LEXPPS.EXE[296] ntdll.dll!NtRenameKey + 5 7C90E33E 5 Bytes JMP 6177A580 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\LEXPPS.EXE[296] ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes JMP 6177A5BA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\LEXPPS.EXE[296] ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes JMP 6177A5F4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\LEXPPS.EXE[296] ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes JMP 6177A62E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 6177A3B0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes JMP 6177A3EA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes JMP 6177A424 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!NtDeleteFile + 5 7C90D894 5 Bytes JMP 6177A45E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes JMP 6177A498 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 6177A4D2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes JMP 6177A50C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!NtOpenKey + 5 7C90DD41 1 Byte [E9]
.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes JMP 6177A546 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1600] ntdll.dll!NtRenameKey + 5 7C90E33E 5 Bytes JMP 6177A580 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1600] ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes JMP 6177A5BA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1600] ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes JMP 6177A5F4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1600] ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes JMP 6177A62E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Defender\MsMpEng.exe[1604] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 6177A3B0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Defender\MsMpEng.exe[1604] ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes JMP 6177A3EA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Defender\MsMpEng.exe[1604] ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes JMP 6177A424 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Defender\MsMpEng.exe[1604] ntdll.dll!NtDeleteFile + 5 7C90D894 5 Bytes JMP 6177A45E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Defender\MsMpEng.exe[1604] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes JMP 6177A498 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Defender\MsMpEng.exe[1604] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 6177A4D2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Defender\MsMpEng.exe[1604] ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes JMP 6177A50C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Defender\MsMpEng.exe[1604] ntdll.dll!NtOpenKey + 5 7C90DD41 1 Byte [E9]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1604] ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes JMP 6177A546 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Defender\MsMpEng.exe[1604] ntdll.dll!NtRenameKey + 5 7C90E33E 5 Bytes JMP 6177A580 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Defender\MsMpEng.exe[1604] ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes JMP 6177A5BA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Defender\MsMpEng.exe[1604] ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes JMP 6177A5F4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Defender\MsMpEng.exe[1604] ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes JMP 6177A62E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[1640] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 6177A3B0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[1640] ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes JMP 6177A3EA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[1640] ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes JMP 6177A424 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[1640] ntdll.dll!NtDeleteFile + 5 7C90D894 5 Bytes JMP 6177A45E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[1640] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes JMP 6177A498 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[1640] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 6177A4D2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[1640] ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes JMP 6177A50C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[1640] ntdll.dll!NtOpenKey + 5 7C90DD41 1 Byte [E9]
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[1640] ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes JMP 6177A546 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[1640] ntdll.dll!NtRenameKey + 5 7C90E33E 5 Bytes JMP 6177A580 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[1640] ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes JMP 6177A5BA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[1640] ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes JMP 6177A5F4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[1640] ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes JMP 6177A62E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1668] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 6177A3B0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1668] ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes JMP 6177A3EA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1668] ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes JMP 6177A424 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1668] ntdll.dll!NtDeleteFile + 5 7C90D894 5 Bytes JMP 6177A45E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1668] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes JMP 6177A498 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1668] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 6177A4D2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1668] ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes JMP 6177A50C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1668] ntdll.dll!NtOpenKey + 5 7C90DD41 1 Byte [E9]
.text C:\WINDOWS\System32\svchost.exe[1668] ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes JMP 6177A546 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1668] ntdll.dll!NtRenameKey + 5 7C90E33E 5 Bytes JMP 6177A580 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1668] ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes JMP 6177A5BA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1668] ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes JMP 6177A5F4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1668] ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes JMP 6177A62E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 6177A3B0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes JMP 6177A3EA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes JMP 6177A424 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtDeleteFile + 5 7C90D894 5 Bytes JMP 6177A45E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes JMP 6177A498 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 6177A4D2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes JMP 6177A50C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtOpenKey + 5 7C90DD41 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes JMP 6177A546 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtRenameKey + 5 7C90E33E 5 Bytes JMP 6177A580 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes JMP 6177A5BA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes JMP 6177A5F4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes JMP 6177A62E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehRecvr.exe[1872] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 6177A3B0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehRecvr.exe[1872] ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes JMP 6177A3EA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehRecvr.exe[1872] ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes JMP 6177A424 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehRecvr.exe[1872] ntdll.dll!NtDeleteFile + 5 7C90D894 5 Bytes JMP 6177A45E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehRecvr.exe[1872] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes JMP 6177A498 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehRecvr.exe[1872] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 6177A4D2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehRecvr.exe[1872] ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes JMP 6177A50C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehRecvr.exe[1872] ntdll.dll!NtOpenKey + 5 7C90DD41 1 Byte [E9]
.text C:\WINDOWS\eHome\ehRecvr.exe[1872] ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes JMP 6177A546 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehRecvr.exe[1872] ntdll.dll!NtRenameKey + 5 7C90E33E 5 Bytes JMP 6177A580 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehRecvr.exe[1872] ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes JMP 6177A5BA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehRecvr.exe[1872] ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes JMP 6177A5F4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\eHome\ehRecvr.exe[1872] ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes JMP 6177A62E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[1916] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 6177A3B0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[1916] ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes JMP 6177A3EA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[1916] ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes JMP 6177A424 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[1916] ntdll.dll!NtDeleteFile + 5 7C90D894 5 Bytes JMP 6177A45E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[1916] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes JMP 6177A498 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[1916] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 6177A4D2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[1916] ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes JMP 6177A50C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[1916] ntdll.dll!NtOpenKey + 5 7C90DD41 1 Byte [E9]
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[1916] ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes JMP 6177A546 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[1916] ntdll.dll!NtRenameKey + 5 7C90E33E 5 Bytes JMP 6177A580 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[1916] ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes JMP 6177A5BA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[1916] ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes JMP 6177A5F4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[1916] ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes JMP 6177A62E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1948] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 6177A3B0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1948] ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes JMP 6177A3EA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1948] ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes JMP 6177A424 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1948] ntdll.dll!NtDeleteFile + 5 7C90D894 5 Bytes JMP 6177A45E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1948] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes JMP 6177A498 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1948] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 6177A4D2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1948] ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes JMP 6177A50C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1948] ntdll.dll!NtOpenKey + 5 7C90DD41 1 Byte [E9]
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1948] ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes JMP 6177A546 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1948] ntdll.dll!NtRenameKey + 5 7C90E33E 5 Bytes JMP 6177A580 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1948] ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes JMP 6177A5BA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1948] ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes JMP 6177A5F4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1948] ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes JMP 6177A62E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 6177A3B0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes JMP 6177A3EA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes JMP 6177A424 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtDeleteFile + 5 7C90D894 5 Bytes JMP 6177A45E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes JMP 6177A498 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 6177A4D2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes JMP 6177A50C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtOpenKey + 5 7C90DD41 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes JMP 6177A546 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtRenameKey + 5 7C90E33E 5 Bytes JMP 6177A580 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes JMP 6177A5BA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes JMP 6177A5F4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes JMP 6177A62E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2012] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 6177A3B0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2012] ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes JMP 6177A3EA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2012] ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes JMP 6177A424 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2012] ntdll.dll!NtDeleteFile + 5 7C90D894 5 Bytes JMP 6177A45E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2012] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes JMP 6177A498 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2012] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 6177A4D2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2012] ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes JMP 6177A50C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2012] ntdll.dll!NtOpenKey + 5 7C90DD41 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[2012] ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes JMP 6177A546 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2012] ntdll.dll!NtRenameKey + 5 7C90E33E 5 Bytes JMP 6177A580 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2012] ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes JMP 6177A5BA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2012] ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes JMP 6177A5F4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2012] ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes JMP 6177A62E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[2356] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 6177A3B0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[2356] ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes JMP 6177A3EA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[2356] ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes JMP 6177A424 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[2356] ntdll.dll!NtDeleteFile + 5 7C90D894 5 Bytes JMP 6177A45E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[2356] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes JMP 6177A498 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[2356] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 6177A4D2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[2356] ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes JMP 6177A50C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[2356] ntdll.dll!NtOpenKey + 5 7C90DD41 1 Byte [E9]
.text C:\Program Files\iTunes\iTunesHelper.exe[2356] ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes JMP 6177A546 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[2356] ntdll.dll!NtRenameKey + 5 7C90E33E 5 Bytes JMP 6177A580 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[2356] ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes JMP 6177A5BA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[2356] ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes JMP 6177A5F4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[2356] ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes JMP 6177A62E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2404] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 6177A3B0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2404] ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes JMP 6177A3EA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2404] ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes JMP 6177A424 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2404] ntdll.dll!NtDeleteFile + 5 7C90D894 5 Bytes JMP 6177A45E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2404] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes JMP 6177A498 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2404] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 6177A4D2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2404] ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes JMP 6177A50C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2404] ntdll.dll!NtOpenKey + 5 7C90DD41 1 Byte [E9]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2404] ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes JMP 6177A546 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2404] ntdll.dll!NtRenameKey + 5 7C90E33E 5 Bytes JMP 6177A580 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2404] ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes JMP 6177A5BA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2404] ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes JMP 6177A5F4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2404] ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes JMP 6177A62E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[3076] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 6177A3B0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[3076] ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes JMP 6177A3EA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[3076] ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes JMP 6177A424 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[3076] ntdll.dll!NtDeleteFile + 5 7C90D894 5 Bytes JMP 6177A45E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[3076] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes JMP 6177A498 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[3076] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 6177A4D2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[3076] ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes JMP 6177A50C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[3076] ntdll.dll!NtOpenKey + 5 7C90DD41 1 Byte [E9]
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[3076] ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes JMP 6177A546 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[3076] ntdll.dll!NtRenameKey + 5 7C90E33E 5 Bytes JMP 6177A580 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[3076] ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes JMP 6177A5BA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[3076] ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes JMP 6177A5F4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[3076] ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes JMP 6177A62E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[3276] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 6177A3B0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[3276] ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes JMP 6177A3EA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[3276] ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes JMP 6177A424 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[3276] ntdll.dll!NtDeleteFile + 5 7C90D894 5 Bytes JMP 6177A45E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[3276] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes JMP 6177A498 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[3276] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 6177A4D2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[3276] ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes JMP 6177A50C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[3276] ntdll.dll!NtOpenKey + 5 7C90DD41 1 Byte [E9]
.text C:\WINDOWS\System32\alg.exe[3276] ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes JMP 6177A546 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[3276] ntdll.dll!NtRenameKey + 5 7C90E33E 5 Bytes JMP 6177A580 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[3276] ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes JMP 6177A5BA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[3276] ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes JMP 6177A5F4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[3276] ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes JMP 6177A62E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3424] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 6177A3B0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3424] ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes JMP 6177A3EA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3424] ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes JMP 6177A424 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3424] ntdll.dll!NtDeleteFile + 5 7C90D894 5 Bytes JMP 6177A45E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3424] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes JMP 6177A498 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3424] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 6177A4D2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3424] ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes JMP 6177A50C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3424] ntdll.dll!NtOpenKey + 5 7C90DD41 1 Byte [E9]
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3424] ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes JMP 6177A546 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3424] ntdll.dll!NtRenameKey + 5 7C90E33E 5 Bytes JMP 6177A580 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3424] ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes JMP 6177A5BA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3424] ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes JMP 6177A5F4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3424] ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes JMP 6177A62E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3896] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 6177A3B0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3896] ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes JMP 6177A3EA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3896] ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes JMP 6177A424 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3896] ntdll.dll!NtDeleteFile + 5 7C90D894 5 Bytes JMP 6177A45E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3896] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes JMP 6177A498 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3896] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 6177A4D2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3896] ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes JMP 6177A50C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3896] ntdll.dll!NtOpenKey + 5 7C90DD41 1 Byte [E9]
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3896] ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes JMP 6177A546 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3896] ntdll.dll!NtRenameKey + 5 7C90E33E 5 Bytes JMP 6177A580 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3896] ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes JMP 6177A5BA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3896] ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes JMP 6177A5F4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3896] ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes JMP 6177A62E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[3920] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 6177A3B0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[3920] ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes JMP 6177A3EA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[3920] ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes JMP 6177A424 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[3920] ntdll.dll!NtDeleteFile + 5 7C90D894 5 Bytes JMP 6177A45E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[3920] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes JMP 6177A498 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[3920] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 6177A4D2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[3920] ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes JMP 6177A50C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[3920] ntdll.dll!NtOpenKey + 5 7C90DD41 1 Byte [E9]
.text C:\WINDOWS\system32\ctfmon.exe[3920] ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes JMP 6177A546 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[3920] ntdll.dll!NtRenameKey + 5 7C90E33E 5 Bytes JMP 6177A580 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[3920] ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes JMP 6177A5BA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[3920] ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes JMP 6177A5F4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[3920] ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes JMP 6177A62E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3944] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 6177A3B0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3944] ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes JMP 6177A3EA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3944] ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes JMP 6177A424 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3944] ntdll.dll!NtDeleteFile + 5 7C90D894 5 Bytes JMP 6177A45E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3944] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes JMP 6177A498 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3944] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 6177A4D2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3944] ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes JMP 6177A50C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3944] ntdll.dll!NtOpenKey + 5 7C90DD41 1 Byte [E9]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3944] ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes JMP 6177A546 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3944] ntdll.dll!NtRenameKey + 5 7C90E33E 5 Bytes JMP 6177A580 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3944] ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes JMP 6177A5BA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3944] ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes JMP 6177A5F4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3944] ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes JMP 6177A62E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe[3960] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 6177A3B0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe[3960] ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes JMP 6177A3EA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe[3960] ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes JMP 6177A424 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe[3960] ntdll.dll!NtDeleteFile + 5 7C90D894 5 Bytes JMP 6177A45E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe[3960] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes JMP 6177A498 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe[3960] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 6177A4D2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe[3960] ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes JMP 6177A50C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe[3960] ntdll.dll!NtOpenKey + 5 7C90DD41 1 Byte [E9]
.text C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe[3960] ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes JMP 6177A546 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe[3960] ntdll.dll!NtRenameKey + 5 7C90E33E 5 Bytes JMP 6177A580 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe[3960] ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes JMP 6177A5BA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe[3960] ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes JMP 6177A5F4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe[3960] ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes JMP 6177A62E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4808] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 6177A3B0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4808] ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes JMP 6177A3EA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4808] ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes JMP 6177A424 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4808] ntdll.dll!NtDeleteFile + 5 7C90D894 5 Bytes JMP 6177A45E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4808] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes JMP 6177A498 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4808] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 6177A4D2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4808] ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes JMP 6177A50C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4808] ntdll.dll!NtOpenKey + 5 7C90DD41 1 Byte [E9]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4808] ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes JMP 6177A546 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4808] ntdll.dll!NtRenameKey + 5 7C90E33E 5 Bytes JMP 6177A580 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4808] ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes JMP 6177A5BA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4808] ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes JMP 6177A5F4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4808] ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes JMP 6177A62E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[5440] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 6177A3B0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[5440] ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes JMP 6177A3EA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[5440] ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes JMP 6177A424 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[5440] ntdll.dll!NtDeleteFile + 5 7C90D894 5 Bytes JMP 6177A45E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[5440] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes JMP 6177A498 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[5440] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 6177A4D2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[5440] ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes JMP 6177A50C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[5440] ntdll.dll!NtOpenKey + 5 7C90DD41 1 Byte [E9]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[5440] ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes JMP 6177A546 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[5440] ntdll.dll!NtRenameKey + 5 7C90E33E 5 Bytes JMP 6177A580 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[5440] ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes JMP 6177A5BA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[5440] ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes JMP 6177A5F4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[5440] ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes JMP 6177A62E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iPod\bin\iPodService.exe[5532] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 6177A3B0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iPod\bin\iPodService.exe[5532] ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes JMP 6177A3EA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iPod\bin\iPodService.exe[5532] ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes JMP 6177A424 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iPod\bin\iPodService.exe[5532] ntdll.dll!NtDeleteFile + 5 7C90D894 5 Bytes JMP 6177A45E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iPod\bin\iPodService.exe[5532] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes JMP 6177A498 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iPod\bin\iPodService.exe[5532] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 6177A4D2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iPod\bin\iPodService.exe[5532] ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes JMP 6177A50C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iPod\bin\iPodService.exe[5532] ntdll.dll!NtOpenKey + 5 7C90DD41 1 Byte [E9]
.text C:\Program Files\iPod\bin\iPodService.exe[5532] ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes JMP 6177A546 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iPod\bin\iPodService.exe[5532] ntdll.dll!NtRenameKey + 5 7C90E33E 5 Bytes JMP 6177A580 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iPod\bin\iPodService.exe[5532] ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes JMP 6177A5BA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iPod\bin\iPodService.exe[5532] ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes JMP 6177A5F4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iPod\bin\iPodService.exe[5532] ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes JMP 6177A62E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Shanice\Desktop\gmer.exe[5544] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 6177A3B0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Shanice\Desktop\gmer.exe[5544] ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes JMP 6177A3EA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Shanice\Desktop\gmer.exe[5544] ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes JMP 6177A424 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Shanice\Desktop\gmer.exe[5544] ntdll.dll!NtDeleteFile + 5 7C90D894 5 Bytes JMP 6177A45E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Shanice\Desktop\gmer.exe[5544] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes JMP 6177A498 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Shanice\Desktop\gmer.exe[5544] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 6177A4D2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Shanice\Desktop\gmer.exe[5544] ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes JMP 6177A50C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Shanice\Desktop\gmer.exe[5544] ntdll.dll!NtOpenKey + 5 7C90DD41 1 Byte [E9]
.text C:\Documents and Settings\Shanice\Desktop\gmer.exe[5544] ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes JMP 6177A546 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Shanice\Desktop\gmer.exe[5544] ntdll.dll!NtRenameKey + 5 7C90E33E 5 Bytes JMP 6177A580 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Shanice\Desktop\gmer.exe[5544] ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes JMP 6177A5BA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Shanice\Desktop\gmer.exe[5544] ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes JMP 6177A5F4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Shanice\Desktop\gmer.exe[5544] ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes JMP 6177A62E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device ED2C9C8A

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----