mircbot removal help


  • This topic is locked

#1
cormac

  • Member
  • 10 posts
hi

trying to get rid of mircbot ... i have malwarebytes full edition but that's not working and of course neither is norton so trying this process listed on the board ...

mircbot removal process

so i've run combofix and this is the log it gave me ...

can anyone have a look and see if i got it or if i need to do something else? thanks

ComboFix 11-09-17.02 - kelly 09/17/2011 13:39:02.2.4 - x86
Microsoft Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.3325.2038 [GMT -5:00]
Running from: c:\users\kelly\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Microsoft Office\OFFICE11\OSA.exe
c:\users\kelly\AppData\Local\ApplicationHistory
c:\users\kelly\AppData\Local\ApplicationHistory\ChessPositionTrainer.exe.50299ad1.ini.inuse
c:\users\kelly\AppData\Local\ApplicationHistory\ngen.exe.2c05686e.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-08-17 to 2011-09-17 )))))))))))))))))))))))))))))))
.
.
2011-09-17 18:48 . 2011-09-17 18:49 -------- d-----w- c:\users\kelly\AppData\Local\temp
2011-09-17 18:48 . 2011-09-17 18:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-16 19:27 . 2011-09-16 19:27 -------- d-----w- c:\program files\Windows Portable Devices
2011-09-16 14:59 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-09-16 14:59 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-09-16 14:59 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-09-16 14:57 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-09-16 14:57 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-09-16 14:57 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-16 14:44 . 2011-01-20 16:08 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-09-16 06:38 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC593AC1-196B-4D0B-8A2F-BA90B7C8EBBC}\mpengine.dll
2011-09-09 23:21 . 2011-09-09 23:32 -------- d-----w- c:\users\kelly\AppData\Roaming\tixati
2011-09-09 23:20 . 2011-09-09 23:20 -------- d-----w- c:\program files\tixati
2011-09-09 19:24 . 2011-09-09 19:24 -------- d-----w- c:\programdata\Trend Micro
2011-09-09 19:14 . 2011-09-09 19:14 -------- d-----w- c:\program files\WinPcap
2011-09-09 19:14 . 2011-09-09 19:14 -------- d-----w- c:\program files\Trend Micro
2011-08-31 05:05 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-31 05:05 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-31 00:00 . 2011-08-31 00:01 -------- d-----w- c:\windows\system32\ca-ES
2011-08-31 00:00 . 2011-08-31 00:01 -------- d-----w- c:\windows\system32\eu-ES
2011-08-31 00:00 . 2011-08-31 00:00 -------- d-----w- c:\windows\system32\vi-VN
2011-08-30 20:40 . 2011-08-30 20:40 -------- d-----w- c:\windows\system32\EventProviders
2011-08-30 20:03 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2011-08-30 20:03 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2011-08-30 20:03 . 2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2011-08-30 20:03 . 2009-04-11 06:28 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
2011-08-30 20:03 . 2009-04-11 06:27 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
2011-08-30 20:03 . 2009-04-11 05:03 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2011-08-30 20:03 . 2009-04-11 06:28 1480704 ----a-w- c:\windows\system32\mssrch.dll
2011-08-30 20:03 . 2009-04-11 02:52 684032 ----a-w- c:\windows\system32\drivers\spsys.sys
2011-08-30 20:01 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2011-08-25 20:50 . 2011-08-25 20:50 -------- d-----w- c:\users\kelly\AppData\Local\CrashDumps
2011-08-23 03:27 . 2011-08-23 03:39 -------- d-----w- c:\users\kelly\AppData\Local\NPE
2011-08-23 03:27 . 2011-08-23 03:27 -------- d-----w- c:\programdata\Norton
2011-08-23 02:05 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-08-23 02:05 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-08-23 02:05 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-08-23 02:05 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-08-23 02:03 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-08-23 01:55 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-08-23 01:47 . 2011-08-23 01:47 22032 ----a-w- c:\windows\DCEBoot.exe
2011-08-20 17:10 . 2011-08-20 17:11 -------- d-----w- c:\program files\Tarrasch 1.95
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 15:37 . 2011-06-25 23:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 22:00 . 2010-05-19 04:13 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-21 22:46 . 2007-06-20 00:08 167936 ----a-w- c:\windows\system32\drivers\WpsHelper.sys
2011-09-09 15:36 . 2011-05-13 02:34 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-11-07 16:38 97304 ----a-w- c:\program files\Nero\Nero 9\InCD\NBHshx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2009-11-06 4793088]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2009-11-06 58112]
"InCD"="c:\program files\Nero\Nero 9\InCD\InCD.exe" [2008-11-07 1112088]
"NBHGui"="c:\program files\Nero\Nero 9\InCD\NBHGui.exe" [2008-11-07 1591832]
"NBKeyScan"="c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe" [2008-12-05 2254120]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 153608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-10-05 15:17 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1916383628-908312598-3602261186-1000]
"EnableNotificationsRef"=dword:00000002
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-31 23888]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-03-31 20968]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe [2008-11-07 108568]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-27 105592]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2008-01-21 251904]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.87.72.134 68.87.77.134
FF - ProfilePath - c:\users\kelly\AppData\Roaming\Mozilla\Firefox\Profiles\5ab9u3r5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.chesscafe.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-17 13:49
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1916383628-908312598-3602261186-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*-NW[U^]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1916383628-908312598-3602261186-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*-NW[U^\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1916383628-908312598-3602261186-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*-NW[U^#WW]N2m[]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1916383628-908312598-3602261186-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*-NW[U^#WW]N2m[\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1916383628-908312598-3602261186-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*-NW[U^#WWZe]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1916383628-908312598-3602261186-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*-NW[U^#WWZe\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1916383628-908312598-3602261186-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*l-NW[]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1916383628-908312598-3602261186-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*l-NW[\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1916383628-908312598-3602261186-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2e,a4,d3,4c,e9,e0,03,e6,8a,3a,2c,55,d6,77,da,8b,4d,fc,1c,99,f4,76,4a,
3d,eb,97,dd,87,3a,60,12,78,9b,56,7c,e1,49,90,49,8c,e9,da,e9,a5,65,93,ec,48,\
"??"=hex:b5,5e,67,b3,49,08,72,ad,41,a9,3a,9c,e3,bb,58,83
.
[HKEY_USERS\S-1-5-21-1916383628-908312598-3602261186-1000\Software\SecuROM\License information*]
"datasecu"=hex:57,3b,10,2c,f2,ae,13,31,a5,75,98,b4,e4,f8,91,ef,71,30,76,6c,d7,
10,09,8a,3d,d1,18,6b,2f,20,b9,2d,17,32,31,47,f7,2a,d2,bf,6d,b5,c4,fb,6b,e0,\
"rkeysecu"=hex:56,c6,0d,e0,20,27,f2,5f,5e,7a,0c,15,6c,01,a7,f3
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-09-17 13:51:10
ComboFix-quarantined-files.txt 2011-09-17 18:51
ComboFix2.txt 2011-08-29 23:52
.
Pre-Run: 210,858,217,472 bytes free
Post-Run: 243,517,800,448 bytes free
.
- - End Of File - - BF80EA217B7BE21102390E3689257C66
#2
cormac

  • Topic Starter
  • Member
  • 10 posts
so can anyone tell me if i should just continue with the second step of the process linked above? or does this log from combofix say whether i got rid of it? i don't see anything telling me if it did or did not - thanks

#3
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello cormac and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

You can ruin your system by following steps written for another user without expert help!

Let's see what we can find...

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • GMER log
It would be helpful if you could post each log in a separate post.

#4
cormac

  • Topic Starter
  • Member
  • 10 posts
thanks for your help of course ... and here are the results

OTL Log


OTL logfile created on: 9/21/2011 12:17:38 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\kelly\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 38.36% Memory free
6.69 Gb Paging File | 4.62 Gb Available in Paging File | 69.16% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581.11 Gb Total Space | 231.71 Gb Free Space | 39.87% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 10.18 Gb Free Space | 67.86% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 64.59 Gb Free Space | 13.87% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 13.82 Gb Free Space | 2.97% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 14.21 Gb Free Space | 1.53% Space Free | Partition Type: NTFS
Drive I: | 1862.36 Gb Total Space | 47.37 Gb Free Space | 2.54% Space Free | Partition Type: NTFS
Drive J: | 1862.36 Gb Total Space | 24.94 Gb Free Space | 1.34% Space Free | Partition Type: NTFS
Drive K: | 446.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive L: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: HOME-PC | User Name: kelly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/20 10:36:16 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\kelly\Desktop\OTL.scr
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/30 20:12:36 | 008,948,719 | ---- | M] () -- C:\ProgramData\BOINC\projects\einstein.phys.uwm.edu\hsgamma_FGRP1_0.23_windows_intelx86.exe
PRC - [2010/12/17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
PRC - [2010/12/17 09:33:06 | 001,103,184 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
PRC - [2009/11/06 18:58:02 | 004,793,088 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boincmgr.exe
PRC - [2009/11/06 18:58:00 | 000,783,104 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinc.exe
PRC - [2009/05/17 07:11:00 | 000,847,872 | ---- | M] () -- C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\AK_v8b_win_SSE3_INTEL.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 01:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2008/12/05 18:11:54 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/12/05 16:06:42 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
PRC - [2008/11/07 11:38:54 | 001,591,832 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe
PRC - [2008/11/07 11:38:52 | 001,486,872 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe
PRC - [2008/11/07 11:38:46 | 001,112,088 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 9\InCD\InCD.exe
PRC - [2008/11/07 11:38:46 | 000,108,568 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe
PRC - [2008/04/04 21:01:20 | 002,234,296 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/04/04 20:55:38 | 001,660,288 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/04/04 20:55:36 | 002,475,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/02/01 03:25:38 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/02/01 03:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/30 20:12:36 | 008,948,719 | ---- | M] () -- C:\ProgramData\BOINC\projects\einstein.phys.uwm.edu\hsgamma_FGRP1_0.23_windows_intelx86.exe
MOD - [2009/08/18 13:02:42 | 000,061,952 | ---- | M] () -- C:\Program Files\BOINC\zlib1.dll
MOD - [2009/05/17 07:11:00 | 000,847,872 | ---- | M] () -- C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\AK_v8b_win_SSE3_INTEL.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/12/17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe -- (RUBotSrv)
SRV - [2010/10/05 10:17:44 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/12/05 18:11:54 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/12/05 16:06:42 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2008/11/07 11:38:52 | 001,486,872 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe -- (InCDSrv)
SRV - [2008/11/07 11:38:46 | 000,108,568 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)
SRV - [2008/04/04 21:01:20 | 002,234,296 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/04/04 20:55:36 | 002,475,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/04/04 04:45:18 | 000,288,136 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/02/01 03:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/02/01 03:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/11 22:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/04 03:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110920.032\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/04 03:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110920.032\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/27 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/27 03:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/06/22 19:05:28 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/04/30 15:18:04 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/03/31 01:38:26 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/09/11 14:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 14:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 14:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 14:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/02/13 14:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/11/07 11:38:52 | 000,129,944 | ---- | M] (Nero AG) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\InCDFs.sys -- (InCDFs)
DRV - [2008/11/07 11:38:50 | 000,048,152 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2008/11/07 11:38:50 | 000,019,096 | ---- | M] (Nero AG) [File_System | System | Running] -- C:\Windows\System32\drivers\InCDRec.sys -- (InCDRec)
DRV - [2008/11/07 11:38:48 | 000,041,880 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (InCDRm)
DRV - [2008/07/30 19:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/06/03 08:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/04 21:01:46 | 000,091,520 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2008/04/04 20:59:46 | 000,040,832 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2008/03/21 21:14:24 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/03/21 21:14:24 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/03/21 21:14:24 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/03/12 17:19:50 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/01/20 21:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008/01/17 20:24:44 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/10/30 22:55:38 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/10/30 22:55:34 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.chesscafe.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {2458abc0-f443-11dd-87af-0800200c9a66}:3.6.3.1.03.04.10
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:3.6
FF - prefs.js..extensions.enabledItems: [email protected]:3.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.3

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/09 10:36:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/12 21:34:41 | 000,000,000 | ---D | M]

[2010/04/30 16:37:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kelly\AppData\Roaming\Mozilla\Extensions
[2011/08/21 12:35:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kelly\AppData\Roaming\Mozilla\Firefox\Profiles\5ab9u3r5.default\extensions
[2010/05/01 18:24:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\kelly\AppData\Roaming\Mozilla\Firefox\Profiles\5ab9u3r5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/18 12:45:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\kelly\AppData\Roaming\Mozilla\Firefox\Profiles\5ab9u3r5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/04/30 16:43:15 | 000,000,000 | ---D | M] (BloodFire 3) -- C:\Users\kelly\AppData\Roaming\Mozilla\Firefox\Profiles\5ab9u3r5.default\extensions\[email protected]
[2010/04/30 16:44:25 | 000,000,000 | ---D | M] (Gradient Brushed Metal) -- C:\Users\kelly\AppData\Roaming\Mozilla\Firefox\Profiles\5ab9u3r5.default\extensions\[email protected]
[2010/04/30 16:44:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kelly\AppData\Roaming\Mozilla\Firefox\Profiles\5ab9u3r5.default\extensions\[email protected]\mozapps\extensions
[2010/10/30 20:53:44 | 000,005,471 | ---- | M] () -- C:\Users\kelly\AppData\Roaming\Mozilla\Firefox\Profiles\5ab9u3r5.default\searchplugins\googlecom-in-english.xml
[2010/10/30 20:53:27 | 000,001,504 | ---- | M] () -- C:\Users\kelly\AppData\Roaming\Mozilla\Firefox\Profiles\5ab9u3r5.default\searchplugins\imdb.xml
[2010/10/30 20:53:01 | 000,004,140 | ---- | M] () -- C:\Users\kelly\AppData\Roaming\Mozilla\Firefox\Profiles\5ab9u3r5.default\searchplugins\youtube.xml
[2011/07/15 14:21:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/19 14:23:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/09 18:14:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/17 18:42:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/02 15:51:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/15 14:21:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/09 10:36:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/13 17:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/05/12 21:34:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/17 13:48:53 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBHGui] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe (Trend Micro Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} http://download.sopc...oad/SOPCORE.CAB (Reg Error: Key error.)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37EB1543-0E28-4963-AC51-7DD0D9B06ED3}: DhcpNameServer = 68.87.72.134 68.87.77.134
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\wallpaper\godzilla_versus_titanic.jpg
O24 - Desktop BackupWallPaper: C:\wallpaper\godzilla_versus_titanic.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/04/06 18:44:44 | 000,000,000 | ---D | M] - F:\Auto Focus [2002] -- [ NTFS ]
O32 - AutoRun File - [2010/09/13 22:31:43 | 000,000,000 | ---D | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 16:12:18 | 000,000,088 | ---- | M] () - K:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2010/01/28 15:00:27 | 000,000,088 | ---- | M] () - L:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/20 10:36:14 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\kelly\Desktop\OTL.scr
[2011/09/17 13:51:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/17 13:51:12 | 000,000,000 | ---D | C] -- C:\Users\kelly\AppData\Local\temp
[2011/09/17 13:36:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/17 13:36:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/17 13:36:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/16 14:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/09/09 18:21:10 | 000,000,000 | ---D | C] -- C:\Users\kelly\AppData\Roaming\tixati
[2011/09/09 18:21:01 | 000,000,000 | ---D | C] -- C:\Users\kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tixati
[2011/09/09 18:20:57 | 000,000,000 | ---D | C] -- C:\Program Files\tixati
[2011/09/09 14:24:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2011/09/09 14:16:17 | 002,002,320 | ---- | C] (Trend Micro Inc.) -- C:\Users\kelly\Desktop\HousecallLauncher.exe
[2011/09/09 14:14:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2011/09/09 14:14:53 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2011/09/09 14:14:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
[2011/09/09 14:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/08/30 19:00:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/08/30 19:00:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/08/30 19:00:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/08/30 15:40:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/08/29 18:40:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/29 18:40:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/29 15:11:46 | 004,214,521 | R--- | C] (Swearware) -- C:\Users\kelly\Desktop\ComboFix.exe
[2011/08/25 15:50:19 | 000,000,000 | ---D | C] -- C:\Users\kelly\AppData\Local\CrashDumps
[2011/08/23 13:38:32 | 006,926,144 | ---- | C] (McAfee Inc.) -- C:\Users\kelly\Desktop\stinger10.2.0.250.exe
[2011/08/22 22:27:07 | 000,000,000 | ---D | C] -- C:\Users\kelly\AppData\Local\NPE
[2011/08/22 22:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton

========== Files - Modified Within 30 Days ==========

[2011/09/21 12:11:00 | 000,642,668 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/21 12:11:00 | 000,119,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/21 12:08:37 | 000,002,569 | ---- | M] () -- C:\Users\kelly\Desktop\Microsoft Office Word 2003.lnk
[2011/09/21 12:08:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/21 12:08:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/21 12:07:53 | 000,302,592 | ---- | M] () -- C:\Users\kelly\Desktop\8jw4wxfu.exe
[2011/09/20 10:36:16 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\kelly\Desktop\OTL.scr
[2011/09/20 10:08:10 | 000,436,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/20 10:08:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/18 22:46:18 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/09/17 13:48:53 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/09/17 13:47:57 | 000,000,732 | ---- | M] () -- C:\Users\kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Tarrasch (2).lnk
[2011/09/17 13:47:57 | 000,000,659 | ---- | M] () -- C:\Users\kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Tarrasch.lnk
[2011/09/17 13:36:12 | 004,214,521 | R--- | M] (Swearware) -- C:\Users\kelly\Desktop\ComboFix.exe
[2011/09/16 14:27:40 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/09/16 14:27:23 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/09/09 18:03:06 | 000,000,740 | ---- | M] () -- C:\Users\kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\burst!.lnk
[2011/09/09 16:21:54 | 000,000,164 | ---- | M] () -- C:\Users\kelly\AppData\Roaming\default.rss
[2011/09/09 14:19:49 | 008,570,384 | ---- | M] (Trend Micro Inc.) -- C:\Users\kelly\Desktop\RootkitBuster.exe
[2011/09/09 14:16:18 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Users\kelly\Desktop\HousecallLauncher.exe
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/30 00:40:29 | 000,509,254 | ---- | M] () -- C:\Users\kelly\AppData\Local\census.cache
[2011/08/30 00:39:56 | 000,191,520 | ---- | M] () -- C:\Users\kelly\AppData\Local\ars.cache
[2011/08/23 13:38:36 | 006,926,144 | ---- | M] (McAfee Inc.) -- C:\Users\kelly\Desktop\stinger10.2.0.250.exe
[2011/08/22 21:24:25 | 000,000,806 | ---- | M] () -- C:\Windows\DCEBOOT.RST
[2011/08/22 20:47:11 | 000,022,032 | ---- | M] () -- C:\Windows\DCEBoot.exe
[2011/08/22 16:58:26 | 000,000,036 | ---- | M] () -- C:\Users\kelly\AppData\Local\housecall.guid.cache

========== Files Created - No Company Name ==========

[2011/09/21 12:07:50 | 000,302,592 | ---- | C] () -- C:\Users\kelly\Desktop\8jw4wxfu.exe
[2011/09/17 14:30:15 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/09/17 13:47:57 | 000,000,732 | ---- | C] () -- C:\Users\kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Tarrasch (2).lnk
[2011/09/17 13:47:57 | 000,000,659 | ---- | C] () -- C:\Users\kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Tarrasch.lnk
[2011/09/17 13:36:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/17 13:36:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/17 13:36:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/17 13:36:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/17 13:36:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/16 14:27:40 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/09/16 14:27:23 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/09/09 18:03:06 | 000,000,740 | ---- | C] () -- C:\Users\kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\burst!.lnk
[2011/08/30 15:02:47 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/08/30 15:02:46 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2011/08/30 15:02:42 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2011/08/30 15:02:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/08/30 15:02:41 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/08/30 15:02:40 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2011/08/30 15:02:38 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2011/08/30 15:02:31 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2011/08/30 15:02:30 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2011/08/30 15:02:14 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2011/08/30 15:02:11 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2011/08/22 21:24:25 | 000,000,806 | ---- | C] () -- C:\Windows\DCEBOOT.RST
[2011/08/22 20:47:02 | 000,022,032 | ---- | C] () -- C:\Windows\DCEBoot.exe
[2011/08/22 20:46:12 | 000,509,254 | ---- | C] () -- C:\Users\kelly\AppData\Local\census.cache
[2011/08/22 20:45:20 | 000,191,520 | ---- | C] () -- C:\Users\kelly\AppData\Local\ars.cache
[2011/08/22 16:58:26 | 000,000,036 | ---- | C] () -- C:\Users\kelly\AppData\Local\housecall.guid.cache
[2011/05/05 23:42:15 | 000,000,093 | ---- | C] () -- C:\Users\kelly\AppData\Local\fusioncache.dat
[2011/04/08 13:44:59 | 000,000,301 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011/03/03 14:06:38 | 000,000,029 | ---- | C] () -- C:\Windows\WINCHESS.INI
[2011/01/16 17:55:40 | 000,000,616 | ---- | C] () -- C:\Windows\eReg.dat
[2010/08/01 11:41:55 | 000,038,453 | ---- | C] () -- C:\Users\kelly\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/05/09 12:16:32 | 000,118,873 | ---- | C] () -- C:\Windows\hpoins30.dat
[2010/05/09 12:16:32 | 000,000,449 | ---- | C] () -- C:\Windows\hpomdl30.dat
[2010/05/06 14:03:43 | 000,000,164 | ---- | C] () -- C:\Users\kelly\AppData\Roaming\default.rss
[2010/05/03 12:00:49 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/04/30 19:35:44 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/04/30 18:42:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/04/30 18:04:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/04/30 17:38:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/04/30 15:53:57 | 000,023,552 | R--- | C] () -- C:\Users\kelly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/30 15:08:22 | 000,000,680 | R--- | C] () -- C:\Users\kelly\AppData\Local\d3d9caps.dat
[2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2008/06/03 05:35:18 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/06/03 05:02:02 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/04/28 23:09:10 | 000,172,033 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/03/06 02:38:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007/08/21 23:51:16 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2007/08/21 21:36:12 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,436,160 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,642,668 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,119,858 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/02/03 22:59:48 | 000,118,784 | ---- | C] () -- C:\Windows\System32\metaflac.exe
[2005/02/03 22:59:44 | 000,217,088 | ---- | C] () -- C:\Windows\System32\flac.exe
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/06/13 13:38:57 | 000,000,000 | ---D | M] -- C:\Users\kelly\AppData\Roaming\ChessBase
[2010/08/21 08:57:26 | 000,000,000 | ---D | M] -- C:\Users\kelly\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2010/07/23 11:44:28 | 000,000,000 | ---D | M] -- C:\Users\kelly\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2010/12/26 11:51:18 | 000,000,000 | ---D | M] -- C:\Users\kelly\AppData\Roaming\Command and Conquer 4
[2010/10/30 19:43:35 | 000,000,000 | ---D | M] -- C:\Users\kelly\AppData\Roaming\Guitar Pro 6
[2010/10/19 08:02:58 | 000,000,000 | ---D | M] -- C:\Users\kelly\AppData\Roaming\LeapingBrain
[2011/03/24 21:49:41 | 000,000,000 | ---D | M] -- C:\Users\kelly\AppData\Roaming\SpinTop
[2011/09/09 18:32:51 | 000,000,000 | ---D | M] -- C:\Users\kelly\AppData\Roaming\tixati
[2011/09/09 14:16:13 | 000,000,000 | ---D | M] -- C:\Users\kelly\AppData\Roaming\uTorrent
[2011/09/20 10:06:12 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[1996/08/09 00:30:00 | 000,030,720 | R--- | M] (Microsoft Corporation) -- C:\REGSVR32.EXE


< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 21:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/09 10:36:14 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/09 10:36:14 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/09 10:36:14 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/09 10:36:15 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/09 10:36:15 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/09 10:36:15 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/07/23 04:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/07/23 04:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/07/23 04:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/07/23 06:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/07/23 06:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/09 10:36:14 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/09 10:36:14 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/09 10:36:14 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/09 10:36:15 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/09 10:36:15 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/09 10:36:15 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/07/23 04:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/07/23 04:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/07/23 04:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/07/23 06:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/07/23 06:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:D158BAF9

< End of report >

OTL Extras Log


OTL Extras logfile created on: 9/21/2011 12:17:38 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\kelly\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 38.36% Memory free
6.69 Gb Paging File | 4.62 Gb Available in Paging File | 69.16% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581.11 Gb Total Space | 231.71 Gb Free Space | 39.87% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 10.18 Gb Free Space | 67.86% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 64.59 Gb Free Space | 13.87% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 13.82 Gb Free Space | 2.97% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 14.21 Gb Free Space | 1.53% Space Free | Partition Type: NTFS
Drive I: | 1862.36 Gb Total Space | 47.37 Gb Free Space | 2.54% Space Free | Partition Type: NTFS
Drive J: | 1862.36 Gb Total Space | 24.94 Gb Free Space | 1.34% Space Free | Partition Type: NTFS
Drive K: | 446.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive L: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: HOME-PC | User Name: kelly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.txt [@ = txtfile] -- C:\Program Files\JGsoft\EditPadPro6\EditPadPro.exe (JGsoft - Just Great Software)
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirstRunDisabled" = 0
"UacDisableNotify" = 0
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1916383628-908312598-3602261186-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{272E008E-A377-4A6D-A38E-88DE8464C048}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2B5DE1EE-E0A5-46A1-839C-574725EC026C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{429C86B3-838E-4842-A830-CD08E987BD77}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{95D46F3E-902D-4CE3-B39C-790379ADB834}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B268D544-C7DE-4E12-9071-2502EE2A0A83}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B8C2A0EC-2C26-49C3-B1E9-77097F1769E0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BB1ED419-BCB7-493B-A4A4-1012897DBEDD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E21992FE-A457-4F3A-B348-BE9A4331FC58}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03895483-9BE3-47AD-B3C0-92D742FB4797}" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed™ hot pursuit\launcher.exe |
"{0DB71083-56A1-4105-AAD3-3106B97C7712}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe |
"{1A13F43E-0221-4D70-89B8-DB37DB2CEF1D}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{25136897-1034-444C-8AF5-5D953BEA5A28}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{255A1CE1-06F7-4AC7-B025-D1E2EB517029}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{2D7F9BD6-9AD5-48FD-AC9E-BEB1F742F487}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{33B63E41-ADC9-401F-86AB-F9CDA129CAAF}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4F49062E-982B-4AB4-889B-C420EB8B051C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{7A3CF755-FC94-4A40-AE55-43A8C9392218}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe |
"{7A77A79E-A06A-4301-9E36-6073255A0F18}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{7BCBF15E-7143-4E60-AC01-F787566A0F3A}" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed™ hot pursuit\launcher.exe |
"{87ACCA46-04B4-4830-BCDA-F70D618CB8EC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{88CD64EE-08A5-4B57-B539-0B2E675CCE2C}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{A267B585-9AC9-4032-810E-72170C525CC0}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{A6069A0C-BAAD-4BEA-A9CA-C62F69746229}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{B306BC6F-02F6-4A2E-8149-1DBD078C12A6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{C823DB8A-750D-4327-BDD8-B61DD426A64A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F6C867F5-D63E-4D7B-A040-1AFF1D568E0E}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"TCP Query User{01136FE5-CF53-4859-BB20-B23855ADBF6D}C:\program files\tixati\tixati.exe" = protocol=6 | dir=in | app=c:\program files\tixati\tixati.exe |
"TCP Query User{50B5EC7B-8037-449F-BE8F-C881A8AA270F}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{52D46CBB-48B1-4578-B1A5-9548DC908670}C:\users\kelly\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\kelly\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{5EB105E2-23BC-4439-A232-68E7C0432DBE}C:\program files\arena_3.0\timeseal.exe" = protocol=6 | dir=in | app=c:\program files\arena_3.0\timeseal.exe |
"TCP Query User{68FC2383-1F0C-4240-9E08-F033463617C5}C:\program files\nero\nero 9\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 9\nero showtime\showtime.exe |
"TCP Query User{6B29944C-1163-405E-AE08-1FFD997335C1}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{6B2F4C6C-2B97-4A84-B12F-CE502463E34A}C:\program files\burst\core-new1.1.3\btdownloadheadless.exe" = protocol=6 | dir=in | app=c:\program files\burst\core-new1.1.3\btdownloadheadless.exe |
"TCP Query User{7204EC6D-EC05-48B5-B962-E1DF8B4E7272}C:\program files\electronic arts\need for speed™ hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed™ hot pursuit\nfs11.exe |
"TCP Query User{92AABA4C-73D5-4D53-B3D1-F3DDFAA8A529}C:\program files\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=6 | dir=in | app=c:\program files\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game |
"TCP Query User{AD26BE51-D590-4AB6-AF48-CE002F32780E}C:\program files\burst\core-new1.1.3\btdownloadheadless.exe" = protocol=6 | dir=in | app=c:\program files\burst\core-new1.1.3\btdownloadheadless.exe |
"TCP Query User{BCC93810-2A33-43C3-8BAF-0EC9197AB882}C:\quake\ezquake-gl.exe" = protocol=6 | dir=in | app=c:\quake\ezquake-gl.exe |
"TCP Query User{D2099494-422C-43BB-9310-8E1BB511B16B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1992E902-8695-4034-805E-F0200E669C47}C:\program files\arena_3.0\timeseal.exe" = protocol=17 | dir=in | app=c:\program files\arena_3.0\timeseal.exe |
"UDP Query User{207B36C1-EB42-43D6-9801-3583C87686E7}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{4016032B-B16B-4D50-A91F-A566DECD8818}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{48355487-8A81-4188-9BF7-BACD1A905445}C:\program files\burst\core-new1.1.3\btdownloadheadless.exe" = protocol=17 | dir=in | app=c:\program files\burst\core-new1.1.3\btdownloadheadless.exe |
"UDP Query User{596A8B2F-B0A8-4CC4-AB23-EA6B4DCAEA70}C:\program files\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=17 | dir=in | app=c:\program files\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game |
"UDP Query User{664D8353-E571-4FEF-891B-8D3A23B70E5A}C:\quake\ezquake-gl.exe" = protocol=17 | dir=in | app=c:\quake\ezquake-gl.exe |
"UDP Query User{66529145-C111-47A1-AE2C-A6EC89D68801}C:\program files\burst\core-new1.1.3\btdownloadheadless.exe" = protocol=17 | dir=in | app=c:\program files\burst\core-new1.1.3\btdownloadheadless.exe |
"UDP Query User{840259EC-D0C4-4C43-A601-A9E6110E45B3}C:\program files\electronic arts\need for speed™ hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed™ hot pursuit\nfs11.exe |
"UDP Query User{DC922AAD-2547-4211-A832-1B744DFC0493}C:\program files\tixati\tixati.exe" = protocol=17 | dir=in | app=c:\program files\tixati\tixati.exe |
"UDP Query User{E0BC7659-0ABA-42D1-B6EE-74657893AB1B}C:\program files\nero\nero 9\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 9\nero showtime\showtime.exe |
"UDP Query User{E8EC39AD-4E81-44D3-B48C-9552E14632B1}C:\users\kelly\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\kelly\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{FE5C43EB-A24A-4327-AFE2-03D6182352D2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
"{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}" = HP Photosmart C4500 All-In-One Driver 12.0 Rel .4
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{32626B60-151E-11D4-A8C5-0050DA353A30}" = Fritz 5.32
"{33BC9D7E-E790-495E-A4EA-CFB160C17A91}" = Logitech Gaming Software 5.08
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41788aa2-34b4-4033-ab76-9f3d4473a303}" = Nero BackItUp 4
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}" = PS_AIO_04_C4580_Software_Min
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D12D805-50B2-4287-B3B9-AD4D74F85693}" = BOINC
"{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1" = Trend Micro RUBotted 2.0 Beta
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{65883ddf-2152-4cb7-8e13-b99194b13498}" = Nero BackItUp
"{75c53f52-398b-4d66-b28a-f9ef170b3b34}" = Nero BackItUp
"{76B2BC31-2D96-4170-9C44-09E13B5555F3}" = Symantec Endpoint Protection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer 4 Tiberian Twilight
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed™ Hot Pursuit
"{85243696-5e58-4357-9cf8-3498c609941d}" = NeroLiveGadget Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{942EEA05-E3B1-4183-95BC-F6504BE05E45}" = Deep Rybka 3
"{971853BB-F530-442A-B780-F7E3A8EE13AD}" = Deep Fritz 12
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed Most Wanted
"{AE8A1CE1-EFBD-4ED9-9672-A50DB2D944E5}" = Deep Rybka 3
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer 3: Kane's Wrath
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{d52fe806-3105-44a5-8d42-2291dec16463}" = InCD
"{d7a7b926-30e8-4ace-9e1a-10eb3761fa24}" = Nero 9
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DB55D872-A96B-4434-8110-CA7B755AD914}" = Fritz 12
"{DB6D5761-3A07-4DF6-A920-A9848A89679B}" = Guitar World Digital
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"7-Zip" = 7-Zip 4.65
"AC3Filter_is1" = AC3Filter 1.63b
"Aces High" = Aces High
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"CDisplay_is1" = CDisplay 1.8
"ChessPad 2.0.1_is1" = ChessPad 2.0.1
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"DCoder Image Source" = DCoder Image Source (remove only)
"DirectVobSub" = DirectVobSub (remove only)
"DjVuLibre+DjView" = DjVuLibre+DjView
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"EditPad Pro 6" = JGsoft EditPad Pro 6 DEMO 6.0.1
"EPSON Scanner" = EPSON Scan
"ffdshow_is1" = ffdshow [rev 3124] [2009-11-03]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"FLAC" = FLAC Installer 1.1.2a (remove only)
"Foxit Reader" = Foxit Reader
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"GoToAssist" = GoToAssist Corporate
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HaaliMkx" = Haali Media Splitter
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Lunatics Unified Win32" = Lunatics Unified Win32 5.05.339
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"PlayChess" = PlayChess
"QuicktimeAlt_is1" = QuickTime Alternative 1.66
"RealMedia" = RealMedia (remove only)
"Red Alert 2" = Command & Conquer Red Alert 2
"Red Baron Pack_is1" = Red Baron Pack
"SHOUTcast Source" = SHOUTcast Source (remove only)
"Sierra Utilities" = Sierra Utilities
"Tarrasch Chess GUI_is1" = Tarrasch Chess GUI V1.95 Beta
"Tiberian Sun" = Command & Conquer Tiberian Sun
"tixati" = Tixati
"uTorrent" = Torrent
"VLC media player" = VLC media player 1.1.5
"Winamp" = Winamp
"WinPcapInst" = WinPcap 4.1.1
"WOLAPI" = Westwood Shared Internet Components
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"uTorrent" = Torrent
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/9/2011 4:12:36 PM | Computer Name = home-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!W32.IRCBot in File: C:\Users\kelly\AppData\Local\temp\HouseCall\VS8L1QQ7.028
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 9/9/2011 6:06:22 PM | Computer Name = home-PC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!W32.IRCBot in File: C:\Users\kelly\AppData\Local\temp\HouseCall\VS8CP4OL.1E4
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 9/9/2011 6:06:26 PM | Computer Name = home-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!W32.IRCBot in File: C:\Users\kelly\AppData\Local\temp\HouseCall\VS8CP4OL.1E4
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 9/9/2011 6:06:31 PM | Computer Name = home-PC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!W32.IRCBot in File: C:\Users\kelly\AppData\Local\temp\HouseCall\VS8CP46S.028
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 9/9/2011 6:06:34 PM | Computer Name = home-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!W32.IRCBot in File: C:\Users\kelly\AppData\Local\temp\HouseCall\VS8CP46S.028
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 9/14/2011 9:26:39 AM | Computer Name = home-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/16/2011 3:30:43 PM | Computer Name = home-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/17/2011 2:37:16 PM | Computer Name = home-PC | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec
Endpoint Protection\SmcGui.exe Event Info: Terminate Process Action Taken: Logged
Actor
Process: C:\ComboFix\PV.3XE (PID 5296) Time: Saturday, September 17, 2011 1:37:16
PM

Error - 9/20/2011 11:08:56 AM | Computer Name = home-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/20/2011 8:56:50 PM | Computer Name = home-PC | Source = Application Error | ID = 1000
Description = Faulting application cnc3game.dat, version 1.9.2801.21826, time stamp
0x4703e7ab, faulting module cnc3game.dat, version 1.9.2801.21826, time stamp 0x4703e7ab,
exception code 0xc0000005, fault offset 0x00408014, process id 0x154c, application
start time 0x01cc77f3dfd52b3b.

[ System Events ]
Error - 9/13/2011 9:46:53 PM | Computer Name = home-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 9/17/2011 2:32:53 PM | Computer Name = home-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 67.162.106.172 for the Network Card with network
address 00219B280A73 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 9/17/2011 2:33:40 PM | Computer Name = home-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.10 for the Network Card with network
address 00219B280A73 has been denied by the DHCP server 68.87.72.13 (The DHCP Server
sent a DHCPNACK message).

Error - 9/17/2011 2:38:54 PM | Computer Name = home-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 9/17/2011 2:44:20 PM | Computer Name = home-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 9/17/2011 2:48:58 PM | Computer Name = home-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 9/17/2011 2:53:21 PM | Computer Name = home-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 67.162.106.172 for the Network Card with network
address 00219B280A73 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 9/17/2011 2:53:54 PM | Computer Name = home-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.10 for the Network Card with network
address 00219B280A73 has been denied by the DHCP server 68.87.72.13 (The DHCP Server
sent a DHCPNACK message).

Error - 9/20/2011 7:07:53 AM | Computer Name = home-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 9/21/2011 1:20:05 PM | Computer Name = home-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.


< End of report >

GMER log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-21 14:07:24
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD642JJ rev.1AA01113
Running: 8jw4wxfu.exe; Driver: C:\Users\kelly\AppData\Local\Temp\pxldipow.sys


---- System - GMER 1.0.15 ----

SSDT 878B0350 ZwAlertResumeThread
SSDT 878B0430 ZwAlertThread
SSDT 878ABAD0 ZwAllocateVirtualMemory
SSDT 876E84F0 ZwConnectPort
SSDT 878C1FC0 ZwCreateMutant
SSDT 878AAEF8 ZwCreateThread
SSDT 878B0C88 ZwFreeVirtualMemory
SSDT 878B0190 ZwImpersonateAnonymousToken
SSDT 878B0270 ZwImpersonateThread
SSDT 878B0BA8 ZwMapViewOfSection
SSDT 878C1F00 ZwOpenEvent
SSDT 878ABBA0 ZwOpenProcessToken
SSDT 878B0908 ZwOpenThreadToken
SSDT \??\C:\Windows\system32\drivers\wpsdrvnt.sys ZwProtectVirtualMemory [0x8F5F42F0]
SSDT \SystemRoot\SYSTEM32\Drivers\SysPlant.sys (Symantec CMC Firewall SysPlant/Symantec Corporation) ZwQueryDefaultLocale [0x9A4F8830]
SSDT 878B7208 ZwResumeThread
SSDT 878B0828 ZwSetContextThread
SSDT 878B09F8 ZwSetInformationProcess
SSDT 878B0738 ZwSetInformationThread
SSDT 878C1E20 ZwSuspendProcess
SSDT 878B0578 ZwSuspendThread
SSDT 878AC368 ZwTerminateProcess
SSDT 878B0658 ZwTerminateThread
SSDT 878B0AE8 ZwUnmapViewOfSection
SSDT 878B0D58 ZwWriteVirtualMemory
SSDT \SystemRoot\SYSTEM32\Drivers\SysPlant.sys (Symantec CMC Firewall SysPlant/Symantec Corporation) ZwCreateUserProcess [0x9A4F8780]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwQueryLicenseValue + B80 81C58C34 5 Bytes JMP 9A4F9C30 \SystemRoot\SYSTEM32\Drivers\SysPlant.sys (Symantec CMC Firewall SysPlant/Symantec Corporation)
.text ntkrnlpa.exe!KeSetEvent + 11D 81CBA8A0 8 Bytes [50, 03, 8B, 87, 30, 04, 8B, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 81CBA8B4 4 Bytes [D0, BA, 8A, 87]
.text ntkrnlpa.exe!KeSetEvent + 1C1 81CBA944 4 Bytes [F0, 84, 6E, 87]
.text ntkrnlpa.exe!KeSetEvent + 1F5 81CBA978 4 Bytes [C0, 1F, 8C, 87]
.text ntkrnlpa.exe!KeSetEvent + 221 81CBA9A4 4 Bytes [F8, AE, 8A, 87]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E60D000, 0x205494, 0xE8000020]
.text ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes [E9, C2, 5E, AB, E9] {JMP 0xffffffffe9ab5ec7}
.text ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes [E9, BC, 5E, AB, E9] {JMP 0xffffffffe9ab5ec1}
.text ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes [E9, 90, 5B, AB, E9] {JMP 0xffffffffe9ab5b95}
.text ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes [E9, 8A, 5B, AB, E9] {JMP 0xffffffffe9ab5b8f}
.text ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes [E9, 94, 58, AB, E9] {JMP 0xffffffffe9ab5899}
.text ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes [E9, 3E, 58, AB, E9] {JMP 0xffffffffe9ab5843}
.text ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes [E9, 48, 58, AB, E9] {JMP 0xffffffffe9ab584d}
.text ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes [E9, A2, 53, AB, E9] {JMP 0xffffffffe9ab53a7}
.text ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes [E9, BC, 51, AB, E9] {JMP 0xffffffffe9ab51c1}
.text ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes [E9, 86, 50, AB, E9] {JMP 0xffffffffe9ab508b}
.text ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes [E9, 20, 50, AB, E9] {JMP 0xffffffffe9ab5025}
.text ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes [E9, 06, 4B, AB, E9] {JMP 0xffffffffe9ab4b0b}

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes JMP 6176A0F0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes JMP 6176A12A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes JMP 6176A19E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes JMP 6176A1D8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes JMP 6176A212 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\Explorer.EXE[272] ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes JMP 6176A0F0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\Explorer.EXE[272] ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes JMP 6176A12A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\Explorer.EXE[272] ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes JMP 6176A19E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\Explorer.EXE[272] ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes JMP 6176A1D8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\Explorer.EXE[272] ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes JMP 6176A212 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\Explorer.EXE[272] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\Explorer.EXE[272] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\Explorer.EXE[272] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\Explorer.EXE[272] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\Explorer.EXE[272] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\Explorer.EXE[272] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\Explorer.EXE[272] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\wininit.exe[544] ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes JMP 6176A0F0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\wininit.exe[544] ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes JMP 6176A12A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\wininit.exe[544] ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes JMP 6176A19E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\wininit.exe[544] ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes JMP 6176A1D8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\wininit.exe[544] ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes JMP 6176A212 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\wininit.exe[544] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\wininit.exe[544] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\wininit.exe[544] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\wininit.exe[544] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\wininit.exe[544] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\wininit.exe[544] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\wininit.exe[544] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\services.exe[584] ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes JMP 6176A0F0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\services.exe[584] ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes JMP 6176A12A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\services.exe[584] ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes JMP 6176A19E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\services.exe[584] ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes JMP 6176A1D8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\services.exe[584] ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes JMP 6176A212 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\services.exe[584] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\services.exe[584] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\services.exe[584] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\services.exe[584] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\services.exe[584] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\services.exe[584] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\services.exe[584] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\lsass.exe[628] ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes JMP 6176A0F0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\lsass.exe[628] ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes JMP 6176A12A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\lsass.exe[628] ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes JMP 6176A19E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\lsass.exe[628] ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes JMP 6176A1D8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\lsass.exe[628] ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes JMP 6176A212 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\lsass.exe[628] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\lsass.exe[628] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\lsass.exe[628] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\lsass.exe[628] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\lsass.exe[628] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\lsass.exe[628] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\lsass.exe[628] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\lsm.exe[640] ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes JMP 6176A0F0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\lsm.exe[640] ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes JMP 6176A12A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\lsm.exe[640] ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes JMP 6176A19E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\lsm.exe[640] ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes JMP 6176A1D8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\lsm.exe[640] ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes JMP 6176A212 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\lsm.exe[640] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\lsm.exe[640] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\lsm.exe[640] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\lsm.exe[640] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\lsm.exe[640] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\lsm.exe[640] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\lsm.exe[640] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[804] ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes JMP 6176A0F0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[804] ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes JMP 6176A12A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[804] ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes JMP 6176A19E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[804] ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes JMP 6176A1D8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[804] ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes JMP 6176A212 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[804] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[804] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[804] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[804] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[804] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[804] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[804] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes JMP 6176A0F0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes JMP 6176A12A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes JMP 6176A19E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes JMP 6176A1D8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes JMP 6176A212 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes JMP 6176A0F0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes JMP 6176A12A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes JMP 6176A19E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes JMP 6176A1D8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes JMP 6176A212 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Ati2evxx.exe[988] ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes JMP 6176A0F0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Ati2evxx.exe[988] ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes JMP 6176A12A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Ati2evxx.exe[988] ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes JMP 6176A19E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Ati2evxx.exe[988] ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes JMP 6176A1D8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Ati2evxx.exe[988] ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes JMP 6176A212 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Ati2evxx.exe[988] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Ati2evxx.exe[988] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Ati2evxx.exe[988] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Ati2evxx.exe[988] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Ati2evxx.exe[988] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Ati2evxx.exe[988] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Ati2evxx.exe[988] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes JMP 6176A0F0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes JMP 6176A12A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes JMP 6176A19E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes JMP 6176A1D8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes JMP 6176A212 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[1076] ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes JMP 6176A0F0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[1076] ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes JMP 6176A12A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[1076] ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes JMP 6176A19E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[1076] ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes JMP 6176A1D8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[1076] ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes JMP 6176A212 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[1076] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[1076] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[1076] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[1076] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[1076] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[1076] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\svchost.exe[1076] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1088] ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes JMP 6176A0F0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1088] ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes JMP 6176A12A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1088] ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes JMP 6176A19E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1088] ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes JMP 6176A1D8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1088] ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes JMP 6176A212 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1088] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1088] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1088] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1088] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1088] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1088] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1088] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1204] ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes JMP 6176A0F0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1204] ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes JMP 6176A12A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1204] ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes JMP 6176A19E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1204] ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes JMP 6176A1D8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1204] ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes JMP 6176A212 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1204] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1204] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1204] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1204] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1204] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1204] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1204] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\AUDIODG.EXE[1224] ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes JMP 6176A0F0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\AUDIODG.EXE[1224] ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes JMP 6176A12A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\AUDIODG.EXE[1224] ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes JMP 6176A19E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\AUDIODG.EXE[1224] ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes JMP 6176A1D8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\AUDIODG.EXE[1224] ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes JMP 6176A212 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\AUDIODG.EXE[1224] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\AUDIODG.EXE[1224] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\AUDIODG.EXE[1224] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\AUDIODG.EXE[1224] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\AUDIODG.EXE[1224] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\AUDIODG.EXE[1224] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\AUDIODG.EXE[1224] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes JMP 6176A0F0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes JMP 6176A12A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes JMP 6176A19E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes JMP 6176A1D8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes JMP 6176A212 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1296] ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes JMP 6176A0F0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1296] ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes JMP 6176A12A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1296] ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes JMP 6176A19E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1296] ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes JMP 6176A1D8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1296] ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes JMP 6176A212 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1296] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1296] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1296] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1296] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1296] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1296] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1296] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Ati2evxx.exe[1376] ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes JMP 6176A0F0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Ati2evxx.exe[1376] ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes JMP 6176A12A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Ati2evxx.exe[1376] ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes JMP 6176A19E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Ati2evxx.exe[1376] ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes JMP 6176A1D8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Ati2evxx.exe[1376] ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes JMP 6176A212 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Ati2evxx.exe[1376] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Ati2evxx.exe[1376] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Ati2evxx.exe[1376] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Ati2evxx.exe[1376] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Ati2evxx.exe[1376] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Ati2evxx.exe[1376] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Ati2evxx.exe[1376] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Dwm.exe[1428] ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes JMP 6176A0F0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Dwm.exe[1428] ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes JMP 6176A12A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Dwm.exe[1428] ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes JMP 6176A19E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Dwm.exe[1428] ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes JMP 6176A1D8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Dwm.exe[1428] ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes JMP 6176A212 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Dwm.exe[1428] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Dwm.exe[1428] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Dwm.exe[1428] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Dwm.exe[1428] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Dwm.exe[1428] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Dwm.exe[1428] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\Dwm.exe[1428] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes JMP 6176A0F0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes JMP 6176A12A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes JMP 6176A19E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes JMP 6176A1D8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes JMP 6176A212 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1572] ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes JMP 6176A0F0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1572] ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes JMP 6176A12A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1572] ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes JMP 6176A19E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1572] ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes JMP 6176A1D8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1572] ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes JMP 6176A212 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1572] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1572] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1572] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1572] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1572] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1572] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1572] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes JMP 6176A0F0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes JMP 6176A12A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes JMP 6176A19E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes JMP 6176A1D8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes JMP 6176A212 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1704] ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes JMP 6176A0F0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1704] ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes JMP 6176A12A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1704] ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes JMP 6176A19E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1704] ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes JMP 6176A1D8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1704] ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes JMP 6176A212 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1704] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1704] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1704] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1704] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1704] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1704] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1704] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Users\kelly\Desktop\8jw4wxfu.exe[1808] ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes JMP 6176A0F0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Users\kelly\Desktop\8jw4wxfu.exe[1808] ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes JMP 6176A12A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Users\kelly\Desktop\8jw4wxfu.exe[1808] ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes JMP 6176A19E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Users\kelly\Desktop\8jw4wxfu.exe[1808] ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes JMP 6176A1D8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Users\kelly\Desktop\8jw4wxfu.exe[1808] ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes JMP 6176A212 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Users\kelly\Desktop\8jw4wxfu.exe[1808] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Users\kelly\Desktop\8jw4wxfu.exe[1808] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Users\kelly\Desktop\8jw4wxfu.exe[1808] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Users\kelly\Desktop\8jw4wxfu.exe[1808] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Users\kelly\Desktop\8jw4wxfu.exe[1808] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Users\kelly\Desktop\8jw4wxfu.exe[1808] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Users\kelly\Desktop\8jw4wxfu.exe[1808] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\spoolsv.exe[2028] ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes JMP 6176A0F0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\spoolsv.exe[2028] ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes JMP 6176A12A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\spoolsv.exe[2028] ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes JMP 6176A19E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\spoolsv.exe[2028] ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes JMP 6176A1D8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\spoolsv.exe[2028] ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes JMP 6176A212 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\spoolsv.exe[2028] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\spoolsv.exe[2028] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\spoolsv.exe[2028] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\spoolsv.exe[2028] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\spoolsv.exe[2028] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\spoolsv.exe[2028] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\System32\spoolsv.exe[2028] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2084] ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes JMP 6176A0F0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2084] ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes JMP 6176A12A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2084] ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes JMP 6176A19E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2084] ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes JMP 6176A1D8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2084] ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes JMP 6176A212 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2084] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2084] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2084] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2084] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2084] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2084] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2084] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes JMP 6176A0F0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes JMP 6176A12A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes JMP 6176A19E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes JMP 6176A1D8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes JMP 6176A212 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2476] ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes JMP 6176A0F0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2476] ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes JMP 6176A12A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2476] ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes JMP 6176A19E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2476] ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes JMP 6176A1D8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2476] ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes JMP 6176A212 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2476] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2476] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2476] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2476] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2476] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2476] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2476] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2532] ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes JMP 6176A0F0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2532] ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes JMP 6176A12A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2532] ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes JMP 6176A19E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2532] ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes JMP 6176A1D8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2532] ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes JMP 6176A212 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2532] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2532] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2532] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2532] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2532] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2532] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2532] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4560] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4560] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4560] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4560] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4560] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4560] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4560] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\wmplayer.exe[5668] ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes JMP 6176A0F0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\wmplayer.exe[5668] ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes JMP 6176A12A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\wmplayer.exe[5668] ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes JMP 6176A19E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\wmplayer.exe[5668] ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes JMP 6176A1D8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\wmplayer.exe[5668] ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes JMP 6176A212 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\wmplayer.exe[5668] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\wmplayer.exe[5668] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\wmplayer.exe[5668] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\wmplayer.exe[5668] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\wmplayer.exe[5668] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\wmplayer.exe[5668] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Media Player\wmplayer.exe[5668] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\WUDFHost.exe[5984] ntdll.dll!NtCreateFile + 5 77CB4229 5 Bytes JMP 6176A0F0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\WUDFHost.exe[5984] ntdll.dll!NtCreateKey + 5 77CB4269 5 Bytes JMP 6176A12A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\WUDFHost.exe[5984] ntdll.dll!NtDeleteFile + 5 77CB4609 5 Bytes JMP 6176A19E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\WUDFHost.exe[5984] ntdll.dll!NtDeleteValueKey + 5 77CB4649 5 Bytes JMP 6176A1D8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\WUDFHost.exe[5984] ntdll.dll!NtMapViewOfSection + 5 77CB4979 5 Bytes JMP 6176A212 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\WUDFHost.exe[5984] ntdll.dll!NtOpenFile + 5 77CB4A09 5 Bytes JMP 6176A24C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\WUDFHost.exe[5984] ntdll.dll!NtOpenKey + 5 77CB4A39 5 Bytes JMP 6176A286 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\WUDFHost.exe[5984] ntdll.dll!NtRenameKey + 5 77CB4F19 5 Bytes JMP 6176A2C0 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\WUDFHost.exe[5984] ntdll.dll!NtSetInformationFile + 5 77CB5139 5 Bytes JMP 6176A2FA C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\WUDFHost.exe[5984] ntdll.dll!NtSetValueKey + 5 77CB52A9 5 Bytes JMP 6176A334 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\WUDFHost.exe[5984] ntdll.dll!NtTerminateProcess + 5 77CB5349 5 Bytes JMP 6176A36E C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Windows\system32\WUDFHost.exe[5984] ntdll.dll!NtCreateUserProcess + 5 77CB5659 5 Bytes JMP 6176A164 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74C77817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74CCA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74C7BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74C6F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74C775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74C6E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74CA8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74C7DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74C6FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74C6FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74C671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74CFCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74C9C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74C6D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74C66853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74C6687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74C72AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] [01022F53] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegCreateKeyExW] [01022E8B] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExW] [0102303E] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegCloseKey] [01022D0B] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [01021BE0] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [01021BFA] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [01021BFA] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [01021BE0] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [01021BFA] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [01021AB4] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [01021BE0] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [01021BFA] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [01021BE0] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] [01022D91] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] [01022F53] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegCloseKey] [01022D0B] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExW] [0102303E] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [01021AB4] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [01021BE0] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [01021BFA] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [0102303E] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [01022E8B] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [01022F53] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCloseKey] [01022D0B] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [01021AB4] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [01021BFA] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [01021BE0] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [01021AB4] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [01021BFA] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [01021BE0] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [0102303E] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [01022E8B] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [01022D0B] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [01021BE0] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [01021AB4] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [01021BFA] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [01022D0B] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [01022D91] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [01022F53] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [01022E8B] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [0102303E] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [01021AB4] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [01021BE0] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [01021BFA] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenUserClassesRoot] [01022708] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCloseKey] [01022D0B] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW] [0102303E] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [01022E8B] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [01022F53] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegCreateKeyExW] [01022E8B] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExW] [0102303E] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegCreateKeyExA] [01022D91] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExA] [01022F53] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegCloseKey] [01022D0B] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [01021BE0] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [01021AB4] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [01021BFA] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [01021BFA] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegCreateKeyExW] [01022E8B] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegOpenKeyExW] [0102303E] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegCloseKey] [01022D0B] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [01021BFA] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [01021BE0] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegCreateKeyExW] [01022E8B] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegOpenKeyExW] [0102303E] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe[1432] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegCloseKey] [01022D0B] C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] [0102EBCF] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegCreateKeyExW] [0102EB07] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExW] [0102ECBA] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegCloseKey] [0102E987] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [0102D417] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [0102D431] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [0102D431] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [0102D417] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0102D431] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0102D2EB] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0102D417] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0102D431] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [0102D417] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] [0102EA0D] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] [0102EBCF] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegCloseKey] [0102E987] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExW] [0102ECBA] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [0102D2EB] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [0102D431] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [0102D417] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [0102D2EB] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [0102D431] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [0102D417] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [0102ECBA] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [0102EB07] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [0102E987] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0102D417] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0102D2EB] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0102D431] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [0102E987] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [0102EA0D] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [0102EBCF] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [0102EB07] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [0102ECBA] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0102D2EB] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0102D417] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0102D431] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenUserClassesRoot] [0102E7FD] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCloseKey] [0102E987] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW] [0102ECBA] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [0102EB07] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [0102EBCF] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0102D2EB] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0102D417] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0102D431] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [0102ECBA] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [0102EB07] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [0102EBCF] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCloseKey] [0102E987] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [0102D431] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegCreateKeyExW] [0102EB07] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegOpenKeyExW] [0102ECBA] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\InCD.exe[2952] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegCloseKey] [0102E987] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] [010172CD] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegCreateKeyExW] [01017205] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExW] [010173B8] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegCloseKey] [01017085] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [01015AF5] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [01015B0F] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [01015B0F] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [01015AF5] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [01015B0F] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [010159C9] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [01015AF5] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [01015B0F] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [01015AF5] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] [0101710B] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] [010172CD] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegCloseKey] [01017085] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExW] [010173B8] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [010159C9] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [01015B0F] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [01015AF5] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [010159C9] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [01015B0F] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [01015AF5] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [010173B8] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [01017205] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [01017085] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [01015AF5] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [010159C9] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [01015B0F] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [01017085] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [0101710B] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [010172CD] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [01017205] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [010173B8] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [010159C9] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [01015AF5] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [01015B0F] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [010173B8] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [01017205] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [010172CD] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCloseKey] [01017085] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [010159C9] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [01015AF5] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [01015B0F] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenUserClassesRoot] [01016EFB] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCloseKey] [01017085] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW] [010173B8] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [01017205] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [010172CD] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [01015B0F] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegCreateKeyExW] [01017205] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegOpenKeyExW] [010173B8] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe[2964] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegCloseKey] [01017085] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp wpsdrvnt.sys
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp wpsdrvnt.sys
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Program Files\ChessBase\Chessbase - mega pack [rbc]\Chessbase - Ruy Lopez - Marshal Conter-Gambit (Tim Harding - Pdf Pgn CBH)\Chessbase - Ruy Lopez - Marshal Conter-Gambit (Tim Harding - Pdf Pgn CBH)\Total Marshall CD (Tim Harding)\HTML\ASSETS\GRAPHICS\_NOTES\MEGATI~1.MNO 121 bytes

---- EOF - GMER 1.0.15 ----


thanks again and look forward to your next post
tc
cormac

#5
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi cormac,

Looks like Symantec is finding its own quarantine files and reporting them as a virus. I think you used Symantec HouseCall and it removed some infection it found. Now your own antivirus is reporting those files as a virus.

Security Risk Found!W32.IRCBot in File: C:\Users\kelly\AppData\Local\temp\HouseCall\VS8CP46S.028

If you still get alerts about files located in C:\Users\kelly\AppData\Local\temp\HouseCall\ then don't worry. They are already removed.

But let's make sure nothing is left on your system:

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post

#6
cormac

    Member

  • Topic Starter
  • Member
  • 10 posts
ok ran Kaspersky and it found nothing at all (thus no report to attach)

you mentioned it might not be mircbot which certainly is possible ... perhaps a couple other pieces of info also just to try and help you with analysis ... first i use Malwarebytes/full version regularly and have it on active protection most of the time ... when i ran a full scan that's when Symantec AntiVirus would pop up with a notice about mircbot but it would then say it deleted it ... however running Malwarebytes again gave the same results with Symantec popping up to say the same thing ... thus I assumed that neither was getting rid of mircbot ... so then i went to try the TrendMicro HouseCall which I always found to be pretty reliable in the past (perhaps it's not so much any longer? i'm sure you could advise on that) ... but it found nothing ...

in the meantime two other events led me to assume a problem ... one is that when logging into my Yahoo email account a window came up saying they thought my account was compromised and so i should change my password which i did ... then also uTorrent started crashing in a few minutes of starting and Malwarebytes was giving notices of a 'successfully blocked access to potentially malicious website' citing uTorrent.exe ... (i almost exclusively only download legal concert bootlegs from Dime-a-Dozen so not any malicious activity there and have never had a problem with it as things are scanned etc) ...

so perhaps mircbot is not the culprit (?) ... perhaps the additional info will help

thanks for the help so far and look forward to your next post

#7
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi cormac,

Till now we've removed the main infection and some leftovers. Please test your system and let me know how it is now. Also do an OTL scan to see if anything is left for us to remove.

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.


#8
cormac

    Member

  • Topic Starter
  • Member
  • 10 posts
OTL

OTL logfile created on: 9/23/2011 7:37:18 AM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\kelly\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 61.05% Memory free
6.69 Gb Paging File | 5.39 Gb Available in Paging File | 80.65% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581.11 Gb Total Space | 227.24 Gb Free Space | 39.10% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 10.18 Gb Free Space | 67.86% Space Free | Partition Type: NTFS
Drive J: | 1862.36 Gb Total Space | 25.04 Gb Free Space | 1.34% Space Free | Partition Type: NTFS
Drive K: | 446.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: HOME-PC | User Name: kelly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/20 10:36:16 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\kelly\Desktop\OTL.scr
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/12/17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 01:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2008/12/05 18:11:54 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/12/05 16:06:42 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
PRC - [2008/11/07 11:38:54 | 001,591,832 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe
PRC - [2008/11/07 11:38:52 | 001,486,872 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe
PRC - [2008/11/07 11:38:46 | 001,112,088 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 9\InCD\InCD.exe
PRC - [2008/11/07 11:38:46 | 000,108,568 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe
PRC - [2008/04/04 21:01:20 | 002,234,296 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/04/04 20:55:38 | 001,660,288 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/04/04 20:55:36 | 002,475,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/02/01 03:25:38 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/02/01 03:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


========== Modules (No Company Name) ==========

MOD - [2009/08/11 22:21:20 | 001,021,440 | ---- | M] () -- C:\Program Files\AC3Filter\ac3filter_intl.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/12/17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe -- (RUBotSrv)
SRV - [2010/10/05 10:17:44 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/12/05 18:11:54 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/12/05 16:06:42 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2008/11/07 11:38:52 | 001,486,872 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe -- (InCDSrv)
SRV - [2008/11/07 11:38:46 | 000,108,568 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)
SRV - [2008/04/04 21:01:20 | 002,234,296 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/04/04 20:55:36 | 002,475,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/04/04 04:45:18 | 000,288,136 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/02/01 03:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/02/01 03:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/11 22:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Unknown | Running] -- -- (29077514)
DRV - File not found [File_System | Unknown | Running] -- -- (0953740drv)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/04 03:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110922.024\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/04 03:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110922.024\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/27 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/27 03:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/06/21 17:46:10 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/04/30 15:18:04 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/03/31 01:38:26 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/09/11 14:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 14:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 14:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 14:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/02/13 14:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/11/07 11:38:52 | 000,129,944 | ---- | M] (Nero AG) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\InCDFs.sys -- (InCDFs)
DRV - [2008/11/07 11:38:50 | 000,048,152 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2008/11/07 11:38:50 | 000,019,096 | ---- | M] (Nero AG) [File_System | System | Running] -- C:\Windows\System32\drivers\InCDRec.sys -- (InCDRec)
DRV - [2008/11/07 11:38:48 | 000,041,880 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (InCDRm)
DRV - [2008/07/30 19:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/06/03 08:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/04 21:01:46 | 000,091,520 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2008/04/04 20:59:46 | 000,040,832 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2008/03/21 21:14:24 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/03/21 21:14:24 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/03/21 21:14:24 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/03/12 17:19:50 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/01/20 21:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008/01/17 20:24:44 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/10/30 22:55:38 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/10/30 22:55:34 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.chesscafe.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {2458abc0-f443-11dd-87af-0800200c9a66}:3.6.3.1.03.04.10
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:3.6
FF - prefs.js..extensions.enabledItems: [email protected]:3.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.3

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/09 10:36:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/12 21:34:41 | 000,000,000 | ---D | M]

[2010/04/30 16:37:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kelly\AppData\Roaming\Mozilla\Extensions
[2011/08/21 12:35:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kelly\AppData\Roaming\Mozilla\Firefox\Profiles\5ab9u3r5.default\extensions
[2010/05/01 18:24:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\kelly\AppData\Roaming\Mozilla\Firefox\Profiles\5ab9u3r5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/18 12:45:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\kelly\AppData\Roaming\Mozilla\Firefox\Profiles\5ab9u3r5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/04/30 16:43:15 | 000,000,000 | ---D | M] (BloodFire 3) -- C:\Users\kelly\AppData\Roaming\Mozilla\Firefox\Profiles\5ab9u3r5.default\extensions\[email protected]
[2010/04/30 16:44:25 | 000,000,000 | ---D | M] (Gradient Brushed Metal) -- C:\Users\kelly\AppData\Roaming\Mozilla\Firefox\Profiles\5ab9u3r5.default\extensions\[email protected]
[2010/04/30 16:44:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kelly\AppData\Roaming\Mozilla\Firefox\Profiles\5ab9u3r5.default\extensions\[email protected]\mozapps\extensions
[2010/10/30 20:53:44 | 000,005,471 | ---- | M] () -- C:\Users\kelly\AppData\Roaming\Mozilla\Firefox\Profiles\5ab9u3r5.default\searchplugins\googlecom-in-english.xml
[2010/10/30 20:53:27 | 000,001,504 | ---- | M] () -- C:\Users\kelly\AppData\Roaming\Mozilla\Firefox\Profiles\5ab9u3r5.default\searchplugins\imdb.xml
[2010/10/30 20:53:01 | 000,004,140 | ---- | M] () -- C:\Users\kelly\AppData\Roaming\Mozilla\Firefox\Profiles\5ab9u3r5.default\searchplugins\youtube.xml
[2011/07/15 14:21:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/19 14:23:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/09 18:14:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/17 18:42:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/02 15:51:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/15 14:21:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/09 10:36:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/13 17:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/05/12 21:34:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/17 13:48:53 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBHGui] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe (Trend Micro Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} http://download.sopc...oad/SOPCORE.CAB (Reg Error: Key error.)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37EB1543-0E28-4963-AC51-7DD0D9B06ED3}: DhcpNameServer = 68.87.72.134 68.87.77.134
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\wallpaper\godzilla_versus_titanic.jpg
O24 - Desktop BackupWallPaper: C:\wallpaper\godzilla_versus_titanic.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 16:12:18 | 000,000,088 | ---- | M] () - K:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/09/22 11:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/09/21 14:19:04 | 000,000,000 | ---D | C] -- C:\Users\kelly\Desktop\malware stuff for geeks online
[2011/09/20 10:36:14 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\kelly\Desktop\OTL.scr
[2011/09/17 13:51:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/17 13:51:12 | 000,000,000 | ---D | C] -- C:\Users\kelly\AppData\Local\temp
[2011/09/17 13:36:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/17 13:36:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/17 13:36:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/16 14:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/09/09 18:21:10 | 000,000,000 | ---D | C] -- C:\Users\kelly\AppData\Roaming\tixati
[2011/09/09 18:21:01 | 000,000,000 | ---D | C] -- C:\Users\kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tixati
[2011/09/09 18:20:57 | 000,000,000 | ---D | C] -- C:\Program Files\tixati
[2011/09/09 14:24:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2011/09/09 14:14:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2011/09/09 14:14:53 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2011/09/09 14:14:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
[2011/09/09 14:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/08/30 19:00:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/08/30 19:00:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/08/30 19:00:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/08/30 15:40:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/08/29 18:40:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/29 18:40:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/25 15:50:19 | 000,000,000 | ---D | C] -- C:\Users\kelly\AppData\Local\CrashDumps

========== Files - Modified Within 30 Days ==========

[2011/09/23 06:18:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/23 06:18:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/22 11:48:08 | 098,462,208 | ---- | M] () -- C:\Users\kelly\Desktop\setup_11.0.0.1245.x01_2011_09_22_19_11.exe
[2011/09/21 15:10:00 | 000,642,668 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/21 15:10:00 | 000,119,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/21 14:18:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/21 12:08:37 | 000,002,569 | ---- | M] () -- C:\Users\kelly\Desktop\Microsoft Office Word 2003.lnk
[2011/09/20 10:36:16 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\kelly\Desktop\OTL.scr
[2011/09/20 10:08:10 | 000,436,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/18 22:46:18 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/09/17 13:48:53 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/09/17 13:47:57 | 000,000,732 | ---- | M] () -- C:\Users\kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Tarrasch (2).lnk
[2011/09/17 13:47:57 | 000,000,659 | ---- | M] () -- C:\Users\kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Tarrasch.lnk
[2011/09/16 14:27:40 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/09/16 14:27:23 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/09/09 18:03:06 | 000,000,740 | ---- | M] () -- C:\Users\kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\burst!.lnk
[2011/09/09 16:21:54 | 000,000,164 | ---- | M] () -- C:\Users\kelly\AppData\Roaming\default.rss
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/30 00:40:29 | 000,509,254 | ---- | M] () -- C:\Users\kelly\AppData\Local\census.cache
[2011/08/30 00:39:56 | 000,191,520 | ---- | M] () -- C:\Users\kelly\AppData\Local\ars.cache

========== Files Created - No Company Name ==========

[2011/09/22 11:47:11 | 098,462,208 | ---- | C] () -- C:\Users\kelly\Desktop\setup_11.0.0.1245.x01_2011_09_22_19_11.exe
[2011/09/17 14:30:15 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/09/17 13:47:57 | 000,000,732 | ---- | C] () -- C:\Users\kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Tarrasch (2).lnk
[2011/09/17 13:47:57 | 000,000,659 | ---- | C] () -- C:\Users\kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Tarrasch.lnk
[2011/09/17 13:36:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/17 13:36:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/17 13:36:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/17 13:36:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/17 13:36:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/16 14:27:40 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/09/16 14:27:23 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/09/09 18:03:06 | 000,000,740 | ---- | C] () -- C:\Users\kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\burst!.lnk
[2011/08/30 15:02:47 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/08/30 15:02:46 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2011/08/30 15:02:42 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2011/08/30 15:02:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/08/30 15:02:41 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/08/30 15:02:40 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2011/08/30 15:02:38 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2011/08/30 15:02:31 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2011/08/30 15:02:30 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2011/08/30 15:02:14 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2011/08/30 15:02:11 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2011/08/22 20:47:02 | 000,022,032 | ---- | C] () -- C:\Windows\DCEBoot.exe
[2011/08/22 20:46:12 | 000,509,254 | ---- | C] () -- C:\Users\kelly\AppData\Local\census.cache
[2011/08/22 20:45:20 | 000,191,520 | ---- | C] () -- C:\Users\kelly\AppData\Local\ars.cache
[2011/08/22 16:58:26 | 000,000,036 | ---- | C] () -- C:\Users\kelly\AppData\Local\housecall.guid.cache
[2011/05/05 23:42:15 | 000,000,093 | ---- | C] () -- C:\Users\kelly\AppData\Local\fusioncache.dat
[2011/04/08 13:44:59 | 000,000,301 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011/03/03 14:06:38 | 000,000,029 | ---- | C] () -- C:\Windows\WINCHESS.INI
[2011/01/16 17:55:40 | 000,000,616 | ---- | C] () -- C:\Windows\eReg.dat
[2010/08/01 11:41:55 | 000,038,453 | ---- | C] () -- C:\Users\kelly\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/05/09 12:16:32 | 000,118,873 | ---- | C] () -- C:\Windows\hpoins30.dat
[2010/05/09 12:16:32 | 000,000,449 | ---- | C] () -- C:\Windows\hpomdl30.dat
[2010/05/06 14:03:43 | 000,000,164 | ---- | C] () -- C:\Users\kelly\AppData\Roaming\default.rss
[2010/05/03 12:00:49 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/04/30 19:35:44 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/04/30 18:42:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/04/30 18:04:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/04/30 17:38:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/04/30 15:53:57 | 000,023,552 | R--- | C] () -- C:\Users\kelly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/30 15:08:22 | 000,000,680 | R--- | C] () -- C:\Users\kelly\AppData\Local\d3d9caps.dat
[2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2008/06/03 05:35:18 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/06/03 05:02:02 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/04/28 23:09:10 | 000,172,033 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/03/06 02:38:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007/08/21 23:51:16 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2007/08/21 21:36:12 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,436,160 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,642,668 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,119,858 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/02/03 22:59:48 | 000,118,784 | ---- | C] () -- C:\Windows\System32\metaflac.exe
[2005/02/03 22:59:44 | 000,217,088 | ---- | C] () -- C:\Windows\System32\flac.exe
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/06/13 13:38:57 | 000,000,000 | ---D | M] -- C:\Users\kelly\AppData\Roaming\ChessBase
[2010/08/21 08:57:26 | 000,000,000 | ---D | M] -- C:\Users\kelly\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2010/07/23 11:44:28 | 000,000,000 | ---D | M] -- C:\Users\kelly\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2010/12/26 11:51:18 | 000,000,000 | ---D | M] -- C:\Users\kelly\AppData\Roaming\Command and Conquer 4
[2010/10/30 19:43:35 | 000,000,000 | ---D | M] -- C:\Users\kelly\AppData\Roaming\Guitar Pro 6
[2010/10/19 08:02:58 | 000,000,000 | ---D | M] -- C:\Users\kelly\AppData\Roaming\LeapingBrain
[2011/03/24 21:49:41 | 000,000,000 | ---D | M] -- C:\Users\kelly\AppData\Roaming\SpinTop
[2011/09/09 18:32:51 | 000,000,000 | ---D | M] -- C:\Users\kelly\AppData\Roaming\tixati
[2011/09/22 17:40:05 | 000,000,000 | ---D | M] -- C:\Users\kelly\AppData\Roaming\uTorrent
[2011/09/21 14:16:26 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:D158BAF9

< End of report >

#9
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi cormac,

Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean up your PC from the programs we used.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click the OK button.

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor's patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of the software installed on your system.

#10
cormac

ok great ... did all that and everything so that's it?

was it mircbot or was it something else you could see, or several things?

is there a different malware program than malwarebytes to run along with symantec as constant protection?

thanks for all the help

#11
maliprog

Hi cormac,

There were several things, including a version of mircbot. I'm glad we took them all away :unsure:.

I don't run any anti-spyware besides malwarebytes. I think it is quite good protection along with your anti-virus solution.

Hope this helps. Goodbye and stay safe :)

#12
cormac

thanks so much and thanks for all your help :)

#13
maliprog

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.