Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

Solved: Mutiple Trojan alerts (APQ.tmp)


(!)

ninjitsuboy's Avatar
ninjitsuboy ninjitsuboy is offline
Junior Member with 11 posts.
THREAD STARTER
 
Join Date: Jun 2010
Experience: Beginner
13-Jun-2010, 03:08 PM #1
Mutiple Trojan alerts (APQ.tmp)
hello, I'm a newbie when it comes down to computers so please forgive me if I can't explain things fully.
I've recently been alerted by norton antivirus about a trojan horse APQ.tmp but it seems to be reduplicating itself as norton antivirus is alerting about more of them i.e. APQB3 ect.
it began happening when I download and installed another antivrus program called Bullguard so please help I do not know what to do I'm currently using windows XP
ninjitsuboy's Avatar
ninjitsuboy ninjitsuboy is offline
Junior Member with 11 posts.
THREAD STARTER
 
Join Date: Jun 2010
Experience: Beginner
14-Jun-2010, 10:54 AM #2
Another problem is whenever my computer loads up it says AvManRes is not found what is that?
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,923 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
14-Jun-2010, 10:59 AM #3
First clear your Java cache as shown http://www.java.com/en/download/help/5000020300.xml
Then follow advice here and post the logs those programs make in your next reply to this topic
ninjitsuboy's Avatar
ninjitsuboy ninjitsuboy is offline
Junior Member with 11 posts.
THREAD STARTER
 
Join Date: Jun 2010
Experience: Beginner
17-Jun-2010, 03:53 PM #4
Umm, I cant find the Java icon in the control panel or is it somewhere else?
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,923 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
17-Jun-2010, 06:47 PM #5
skip that step then
ninjitsuboy's Avatar
ninjitsuboy ninjitsuboy is offline
Junior Member with 11 posts.
THREAD STARTER
 
Join Date: Jun 2010
Experience: Beginner
19-Jun-2010, 08:06 AM #6
Umm this is probably going to be my last post because right now I'm just swamped with revision and work as I have my exams right now and I cannot deal with the computer problems, I'll probably when I have time create a new topic. Sorry to waste your time But thanks for trying to help me

Should I mark this topic as solved or should I just leave it to close?
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,923 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
19-Jun-2010, 10:25 AM #7
Do NOT use the computer at all until you have it fixed
ninjitsuboy's Avatar
ninjitsuboy ninjitsuboy is offline
Junior Member with 11 posts.
THREAD STARTER
 
Join Date: Jun 2010
Experience: Beginner
23-Jun-2010, 02:55 PM #8
Hello again, I managed to quickly find time to respond if you see this then thanks I've done the scans and here are the results
DDS txt

DDS (Ver_10-03-17.01) - NTFSx86
Run by User at 23:00:06.12 on 22/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.449 [GMT 1:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\User\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
mWinlogon: SFCDisable=-99 (0xffffff9d)
mWinlogon: Shell=Explorer.exe %windir%\system32\drivers\Regv.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX1000] c:\windows\vVX1000.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\35kmanhv.default\
FF - component: c:\program files\bullguard ltd\bullguard\antiphishing\ff\antiphishing@bullguard\components\BGFFCompone nt.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_availa ble_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-11-9 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-11-9 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2007-12-18 2189240]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-14 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100620.006\NAVENG.SY S [2010-6-20 85552]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100620.006\NAVEX15 .SYS [2010-6-20 1347504]
R4 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys --> c:\windows\system32\drivers\afwcore.sys [?]
R4 BdSpy;BdSpy;c:\windows\system32\drivers\bdspy.sys --> c:\windows\system32\drivers\BdSpy.sys [?]
S2 Regv Controler;Regv Controler;"c:\windows\system32\drivers\regv.exe" --> c:\windows\system32\drivers\Regv.exe [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S4 vsdatant;vsdatant;a --> a [?]

=============== Created Last 30 ================

2010-06-21 17:34:03 0 d-sh--w- c:\documents and settings\user\IECompatCache
2010-06-21 17:33:30 0 d-sh--w- c:\documents and settings\user\PrivacIE
2010-06-21 17:20:56 0 d-sh--w- c:\documents and settings\user\IETldCache
2010-06-20 18:23:43 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-06-20 18:23:40 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-20 18:23:39 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-20 18:23:37 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-20 18:23:37 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-06-20 18:23:35 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-06-20 18:23:34 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-20 18:23:08 0 d-----w- c:\windows\ie8updates
2010-06-20 18:22:44 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-06-20 18:15:56 0 dc-h--w- c:\windows\ie8
2010-06-19 15:18:16 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-06-19 15:18:16 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-06-19 15:14:46 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-06-19 14:58:46 293376 ------w- c:\windows\system32\browserchoice.exe
2010-06-19 14:51:44 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-06-19 14:48:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-06-19 14:43:12 0 d-----w- c:\windows\system32\KB905474
2010-06-19 14:40:09 0 d-----w- c:\windows\system32\PreInstall
2010-06-19 14:38:52 0 d--h--w- c:\windows\$hf_mig$
2010-06-19 14:10:19 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2010-06-19 14:08:34 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-06-19 14:08:31 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-06-19 14:08:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-06-19 13:26:51 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-06-19 12:12:20 0 d-sha-r- C:\cmdcons
2010-06-19 12:08:27 98816 ----a-w- c:\windows\sed.exe
2010-06-19 12:08:27 77312 ----a-w- c:\windows\MBR.exe
2010-06-19 12:08:27 256512 ----a-w- c:\windows\PEV.exe
2010-06-19 12:08:27 161792 ----a-w- c:\windows\SWREG.exe
2010-06-14 19:19:49 0 d-----w- c:\docume~1\user\applic~1\Malwarebytes
2010-06-14 19:19:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-05 15:59:11 0 d-----w- c:\docume~1\alluse~1\applic~1\BullGuard
2010-06-05 15:58:24 0 d-----w- c:\program files\BullGuard Ltd

==================== Find3M ====================

2010-06-17 21:06:22 150848 ----a-w- c:\windows\system32\BGLsp.dll
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-13 11:40:07 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2001-11-23 11:08:20 712704 ----a-w- c:\windows\inf\other\AUDIO3D.DLL

============= FINISH: 23:01:06.03 ===============

Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 17/05/2009 13:52:43
System Uptime: 22/06/2010 21:27:10 (2 hours ago)

Motherboard: | | K7S8X.
Processor: AMD Athlon(tm) XP 2600+ | Socket-A | 2087/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 28.095 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP40: 03/02/2010 17:16:04 - System Checkpoint
RP41: 23/03/2010 17:51:17 - System Checkpoint
RP42: 08/04/2010 19:46:59 - System Checkpoint
RP43: 16/04/2010 12:48:26 - System Checkpoint
RP44: 18/04/2010 22:26:43 - System Checkpoint
RP45: 21/04/2010 20:08:11 - System Checkpoint
RP46: 25/04/2010 12:24:35 - System Checkpoint
RP47: 28/04/2010 21:34:09 - System Checkpoint
RP48: 30/04/2010 19:54:36 - System Checkpoint
RP49: 12/06/2010 14:59:56 - System Checkpoint
RP50: 13/06/2010 20:09:53 - System Checkpoint
RP51: 17/06/2010 19:32:01 - System Checkpoint
RP52: 19/06/2010 13:08:43 - ComboFix created restore point
RP53: 19/06/2010 15:38:42 - Software Distribution Service 3.0
RP54: 19/06/2010 16:55:44 - Software Distribution Service 3.0
RP55: 20/06/2010 18:15:53 - Software Distribution Service 3.0
RP56: 20/06/2010 19:06:31 - Software Distribution Service 3.0
RP57: 21/06/2010 18:38:04 - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
C-Media 3D Audio
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
LiveUpdate 3.3 (Symantec Corporation)
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft LifeCam
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.3)
MSVCRT
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB982381)
Segoe UI
Symantec Endpoint Protection
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime

==== Event Viewer Messages From Past Week ========

22/06/2010 21:36:41, error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
22/06/2010 21:36:41, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
22/06/2010 21:36:22, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.
21/06/2010 18:34:39, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
20/06/2010 18:12:40, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
20/06/2010 18:12:40, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/06/2010 18:11:09, error: PlugPlayManager [11] - The device Root\LEGACY_SYMSMR100\0000 disappeared from the system without first being prepared for removal.
15/06/2010 20:44:41, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: gagp30kx
15/06/2010 20:44:41, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Symantec AntiVirus service.
15/06/2010 20:41:58, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
15/06/2010 20:11:19, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
15/06/2010 11:11:32, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
15/06/2010 07:56:59, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

==== End Of File ===========================

Ark.txt
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-22 23:31:44
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\pfloykow.sys


---- System - GMER 1.0.15 ----

SSDT 866A9DF0 ZwAlertResumeThread
SSDT 865883F0 ZwAlertThread
SSDT 865E2DB0 ZwAllocateVirtualMemory
SSDT 865461D8 ZwConnectPort
SSDT 865C9670 ZwCreateMutant
SSDT 86566008 ZwCreateThread
SSDT 86677580 ZwFreeVirtualMemory
SSDT 866A82F8 ZwImpersonateAnonymousToken
SSDT 866A9D18 ZwImpersonateThread
SSDT 86566730 ZwMapViewOfSection
SSDT 86526360 ZwOpenEvent
SSDT 8667CC98 ZwOpenProcessToken
SSDT 86556CE8 ZwOpenThreadToken
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwProtectVirtualMemory [0xF7A54280]
SSDT SysPlant.sys (Symantec CMC Firewall SysPlant/Symantec Corporation) ZwQueryDefaultLocale [0xF76577B0]
SSDT 86688F90 ZwResumeThread
SSDT 865911F8 ZwSetContextThread
SSDT 865650F0 ZwSetInformationProcess
SSDT 865D62A8 ZwSetInformationThread
SSDT 865480D0 ZwSuspendProcess
SSDT 86589240 ZwSuspendThread
SSDT 86655E90 ZwTerminateProcess
SSDT 865894B8 ZwTerminateThread
SSDT 85EC4250 ZwUnmapViewOfSection
SSDT 86571120 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 250 804E28BC 4 Bytes CALL 5BD47E2D
.text ntoskrnl.exe!_abnormal_termination + 3DC 804E2A48 2 Bytes [F0, 50]
.text ntoskrnl.exe!_abnormal_termination + 3DF 804E2A4B 5 Bytes [86, A8, 62, 5D, 86]
.text ntoskrnl.exe!_abnormal_termination + 4A0 804E2B0C 2 Bytes [20, 11] {AND [ECX], DL}
.text ntoskrnl.exe!_abnormal_termination + 4A3 804E2B0F 1 Byte [86]
? C:\WINDOWS\system32\drivers\wpsdrvnt.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1680] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1680] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1680] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1680] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1680] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1680] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1680] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1680] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1680] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1680] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1680] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1680] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[1768] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[1768] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[1768] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[1768] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[1768] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[1768] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[1768] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[1768] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[1768] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[1768] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[1768] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[1768] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.exe[1916] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.exe[1916] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.exe[1916] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.exe[1916] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.exe[1916] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.exe[1916] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.exe[1916] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.exe[1916] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.exe[1916] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.exe[1916] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.exe[1916] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.exe[1916] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[2224] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[2224] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[2224] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[2224] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[2224] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[2224] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[2224] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[2224] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[2224] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[2224] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[2224] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[2224] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2740] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2740] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2740] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2740] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2740] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2740] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2740] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2740] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2740] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2740] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2740] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2740] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\User\My Documents\Downloads\gmer\gmer.exe[3188] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\User\My Documents\Downloads\gmer\gmer.exe[3188] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\User\My Documents\Downloads\gmer\gmer.exe[3188] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\User\My Documents\Downloads\gmer\gmer.exe[3188] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\User\My Documents\Downloads\gmer\gmer.exe[3188] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\User\My Documents\Downloads\gmer\gmer.exe[3188] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\User\My Documents\Downloads\gmer\gmer.exe[3188] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\User\My Documents\Downloads\gmer\gmer.exe[3188] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\User\My Documents\Downloads\gmer\gmer.exe[3188] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\User\My Documents\Downloads\gmer\gmer.exe[3188] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\User\My Documents\Downloads\gmer\gmer.exe[3188] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\User\My Documents\Downloads\gmer\gmer.exe[3188] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)

---- EOF - GMER 1.0.15 ----


Thank you again if you see this post and sorry for my inconvience.
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,923 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
24-Jun-2010, 02:38 AM #9
that is badly infected

Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully

Download ComboFix from Here to your Desktop.

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re enable the protection again after combofix has finished
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on combofix.exe & follow the prompts.
If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
ninjitsuboy's Avatar
ninjitsuboy ninjitsuboy is offline
Junior Member with 11 posts.
THREAD STARTER
 
Join Date: Jun 2010
Experience: Beginner
24-Jun-2010, 03:42 PM #10
Heres the log

ComboFix 10-06-23.05 - User 24/06/2010 21:31:16.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.611 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-05-24 to 2010-06-24 )))))))))))))))))))))))))))))))
.

2010-06-21 17:34 . 2010-06-21 17:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-21 17:34 . 2010-06-21 17:34 -------- d-sh--w- c:\documents and settings\User\IECompatCache
2010-06-21 17:33 . 2010-06-21 17:33 -------- d-sh--w- c:\documents and settings\User\PrivacIE
2010-06-21 17:20 . 2010-06-21 17:20 -------- d-sh--w- c:\documents and settings\User\IETldCache
2010-06-20 18:23 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-06-20 18:23 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-20 18:23 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-20 18:23 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-20 18:23 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-06-20 18:23 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-06-20 18:23 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-20 18:23 . 2010-06-21 17:43 -------- d-----w- c:\windows\ie8updates
2010-06-20 18:22 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-06-20 18:15 . 2010-06-20 18:22 -------- dc-h--w- c:\windows\ie8
2010-06-19 15:18 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-06-19 15:18 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-06-19 15:14 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-06-19 14:58 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-06-19 14:51 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-06-19 14:48 . 2010-06-19 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-19 14:47 . 2010-06-19 14:52 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\NPE
2010-06-19 14:43 . 2010-06-19 14:43 -------- d-----w- c:\windows\system32\KB905474
2010-06-19 14:38 . 2010-06-21 17:43 -------- d--h--w- c:\windows\$hf_mig$
2010-06-19 14:10 . 2009-11-27 17:11 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2010-06-19 14:08 . 2010-02-16 14:08 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-06-19 14:08 . 2010-02-17 08:10 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-06-19 14:08 . 2010-02-16 13:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-06-14 19:19 . 2010-06-14 19:19 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2010-06-14 19:19 . 2010-06-14 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-05 17:20 . 2010-06-05 17:20 0 ----a-w- c:\windows\nsreg.dat
2010-06-05 17:20 . 2010-06-05 17:20 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 10:41 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2008-04-14 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-13 11:40 . 2009-08-22 15:51 1744 ----a-w- c:\windows\system32\d3d9caps.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-11-09 115560]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtM gr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetM gr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symant ec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14/06/2010 21:30 102448]
S2 Regv Controler;Regv Controler;"c:\windows\system32\drivers\Regv.exe" --> c:\windows\system32\drivers\Regv.exe [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [29/05/2007 13:55 23888]
.
Contents of the 'Scheduled Tasks' folder

2010-06-24 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-19 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\35kmanhv.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_availa ble_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
SafeBoot-BsScanner



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-24 21:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4028)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-06-24 21:38:35
ComboFix-quarantined-files.txt 2010-06-24 20:38
ComboFix2.txt 2010-06-19 12:20

Pre-Run: 30,122,684,416 bytes free
Post-Run: 30,148,730,880 bytes free

- - End Of File - - 6CB67C35C8BD0B4FCABCC04F8DAF8D21


Thanks for the fast reply I'll be able to follow your orders and reply back as I have a few days off my exams
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,923 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
24-Jun-2010, 03:56 PM #11
Download the attached CFScript.txt and save it to your desktop ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press SAVE and choose desktop in the list of selections in that window & press save)
Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished
Close any open browsers
Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.







This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply


Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum

This will create a zip file inside C:\QooBox\quarantine named something like [38]-Submit_2008-01-17@17.50.zip

at the end it will pop up an alert & open your browser and ask you to send the zip file

please follow those instructions. We need to see the zip file before we can carry on with the fix

If there is no pop up alert or open browser then

please go to http://www.thespykiller.co.uk/index.php?board=1.0 and upload these files so I can examine them and if needed distribute them to antivirus companies.
Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer, If there is more than 1 file then press the more attachments button for each extra file and browse and select etc and then when all the files are listed in the windows press send to upload the files ( do not post HJT logs there as they will not get dealt with)

Files to submit:
the zip file inside C:\QooBox\quarantine created by combofix named something like [38]-Submit_2008-01-17@17.50.zip

Ifv there is no zip file don't worry as the file might have already been deleted by your antivirus, in which case just post the new combofix report & tell us how it is
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
ninjitsuboy's Avatar
ninjitsuboy ninjitsuboy is offline
Junior Member with 11 posts.
THREAD STARTER
 
Join Date: Jun 2010
Experience: Beginner
26-Jun-2010, 06:46 AM #12
I've done what you instructed but I cannot find the zip file
but here is the log

ComboFix 10-06-25.04 - User 26/06/2010 12:23:27.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.617 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFWCORE
-------\Legacy_BDSPY
-------\Legacy_REGV_CONTROLER
-------\Service_Regv Controler
-------\Service_vsdatant


((((((((((((((((((((((((( Files Created from 2010-05-26 to 2010-06-26 )))))))))))))))))))))))))))))))
.

2010-06-21 17:34 . 2010-06-21 17:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-21 17:34 . 2010-06-21 17:34 -------- d-sh--w- c:\documents and settings\User\IECompatCache
2010-06-21 17:33 . 2010-06-21 17:33 -------- d-sh--w- c:\documents and settings\User\PrivacIE
2010-06-21 17:20 . 2010-06-21 17:20 -------- d-sh--w- c:\documents and settings\User\IETldCache
2010-06-20 18:23 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-06-20 18:23 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-20 18:23 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-20 18:23 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-20 18:23 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-06-20 18:23 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-06-20 18:23 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-20 18:23 . 2010-06-21 17:43 -------- d-----w- c:\windows\ie8updates
2010-06-20 18:22 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-06-20 18:15 . 2010-06-20 18:22 -------- dc-h--w- c:\windows\ie8
2010-06-19 15:18 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-06-19 15:18 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-06-19 15:14 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-06-19 14:58 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-06-19 14:51 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-06-19 14:48 . 2010-06-19 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-19 14:47 . 2010-06-19 14:52 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\NPE
2010-06-19 14:43 . 2010-06-19 14:43 -------- d-----w- c:\windows\system32\KB905474
2010-06-19 14:38 . 2010-06-21 17:43 -------- d--h--w- c:\windows\$hf_mig$
2010-06-19 14:10 . 2009-11-27 17:11 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2010-06-19 14:08 . 2010-02-16 14:08 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-06-19 14:08 . 2010-02-17 08:10 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-06-19 14:08 . 2010-02-16 13:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-06-14 19:19 . 2010-06-14 19:19 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2010-06-14 19:19 . 2010-06-14 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-05 17:20 . 2010-06-05 17:20 0 ----a-w- c:\windows\nsreg.dat
2010-06-05 17:20 . 2010-06-05 17:20 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 10:41 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2008-04-14 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-13 11:40 . 2009-08-22 15:51 1744 ----a-w- c:\windows\system32\d3d9caps.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-11-09 115560]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtM gr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetM gr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symant ec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14/06/2010 21:30 102448]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [29/05/2007 13:55 23888]
.
Contents of the 'Scheduled Tasks' folder

2010-06-26 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-19 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\35kmanhv.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_availa ble_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-26 12:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1816)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
.
**************************************************************************
.
Completion time: 2010-06-26 12:38:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-26 11:38
ComboFix2.txt 2010-06-24 20:38
ComboFix3.txt 2010-06-19 12:20

Pre-Run: 30,142,169,088 bytes free
Post-Run: 30,098,522,112 bytes free

- - End Of File - - C69A0FC83C5B2E22A8C784FD834B50FD

The computer seems to run much faster and now there isn't anymore pop up from symantec about trojans. Thank you and I'll just standby till I receive your reply
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,923 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
26-Jun-2010, 09:22 AM #13
how is it now
ninjitsuboy's Avatar
ninjitsuboy ninjitsuboy is offline
Junior Member with 11 posts.
THREAD STARTER
 
Join Date: Jun 2010
Experience: Beginner
26-Jun-2010, 10:26 AM #14
Um, what do you mean by how is it now exactly?
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,923 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
26-Jun-2010, 11:38 AM #15
exactly what it says

If you don't know then what is the point of me trying to help you. I can't see your copmputer, you can!

Are you still getting error messages or virus alerts or any other weird behaviour
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


Similar Threads
Title Thread Starter Forum Replies Last Post
Fake Alert nioc98 Virus & Other Malware Removal 0 09-Mar-2010 03:19 PM
rootkit pakes.m trojan found bramdx Virus & Other Malware Removal 0 18-Aug-2009 02:23 PM
Everything in security center not working had trojan alert. Cannot open antivirus. CPUMadness Virus & Other Malware Removal 31 07-Aug-2009 10:09 PM
Eset Trojan Alerts jugglera=) Virus & Other Malware Removal 0 11-Feb-2009 01:56 PM
Trojan alert, help me! Mrs. Bates Virus & Other Malware Removal 1 24-Oct-2008 03:29 PM

WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑