1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Mutiple Trojan alerts (APQ.tmp)

Discussion in 'Virus & Other Malware Removal' started by ninjitsuboy, Jun 13, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. ninjitsuboy

    ninjitsuboy Thread Starter

    Joined:
    Jun 13, 2010
    Messages:
    11
    hello, I'm a newbie when it comes down to computers so please forgive me if I can't explain things fully.
    I've recently been alerted by norton antivirus about a trojan horse APQ.tmp but it seems to be reduplicating itself as norton antivirus is alerting about more of them i.e. APQB3 ect.
    it began happening when I download and installed another antivrus program called Bullguard so please help I do not know what to do I'm currently using windows XP
     
  2. ninjitsuboy

    ninjitsuboy Thread Starter

    Joined:
    Jun 13, 2010
    Messages:
    11
    Another problem is whenever my computer loads up it says AvManRes is not found what is that?
     
  3. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,812
  4. ninjitsuboy

    ninjitsuboy Thread Starter

    Joined:
    Jun 13, 2010
    Messages:
    11
    Umm, I cant find the Java icon in the control panel or is it somewhere else?
     
  5. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,812
    skip that step then
     
  6. ninjitsuboy

    ninjitsuboy Thread Starter

    Joined:
    Jun 13, 2010
    Messages:
    11
    Umm this is probably going to be my last post because right now I'm just swamped with revision and work as I have my exams right now and I cannot deal with the computer problems, I'll probably when I have time create a new topic. Sorry to waste your time :( But thanks for trying to help me

    Should I mark this topic as solved or should I just leave it to close?
     
  7. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,812
    Do NOT use the computer at all until you have it fixed
     
  8. ninjitsuboy

    ninjitsuboy Thread Starter

    Joined:
    Jun 13, 2010
    Messages:
    11
    Hello again, I managed to quickly find time to respond if you see this then thanks I've done the scans and here are the results
    DDS txt

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by User at 23:00:06.12 on 22/06/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.449 [GMT 1:00]

    AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\vVX1000.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Documents and Settings\User\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.uk/
    mWinlogon: SFCDisable=-99 (0xffffff9d)
    mWinlogon: Shell=Explorer.exe %windir%\system32\drivers\Regv.exe
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
    mRun: [VX1000] c:\windows\vVX1000.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\35kmanhv.default\
    FF - component: c:\program files\bullguard ltd\bullguard\antiphishing\ff\antiphishing@bullguard\components\BGFFComponent.dll

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-11-9 108392]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-11-9 108392]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2007-12-18 2189240]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-14 102448]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100620.006\NAVENG.SYS [2010-6-20 85552]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100620.006\NAVEX15.SYS [2010-6-20 1347504]
    R4 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys --> c:\windows\system32\drivers\afwcore.sys [?]
    R4 BdSpy;BdSpy;c:\windows\system32\drivers\bdspy.sys --> c:\windows\system32\drivers\BdSpy.sys [?]
    S2 Regv Controler;Regv Controler;"c:\windows\system32\drivers\regv.exe" --> c:\windows\system32\drivers\Regv.exe [?]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
    S4 vsdatant;vsdatant;a --> a [?]

    =============== Created Last 30 ================

    2010-06-21 17:34:03 0 d-sh--w- c:\documents and settings\user\IECompatCache
    2010-06-21 17:33:30 0 d-sh--w- c:\documents and settings\user\PrivacIE
    2010-06-21 17:20:56 0 d-sh--w- c:\documents and settings\user\IETldCache
    2010-06-20 18:23:43 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-06-20 18:23:40 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-06-20 18:23:39 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2010-06-20 18:23:37 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-06-20 18:23:37 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2010-06-20 18:23:35 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2010-06-20 18:23:34 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2010-06-20 18:23:08 0 d-----w- c:\windows\ie8updates
    2010-06-20 18:22:44 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-06-20 18:15:56 0 dc-h--w- c:\windows\ie8
    2010-06-19 15:18:16 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2010-06-19 15:18:16 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2010-06-19 15:14:46 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-06-19 14:58:46 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-06-19 14:51:44 2560 ------w- c:\windows\system32\xpsp4res.dll
    2010-06-19 14:48:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
    2010-06-19 14:43:12 0 d-----w- c:\windows\system32\KB905474
    2010-06-19 14:40:09 0 d-----w- c:\windows\system32\PreInstall
    2010-06-19 14:38:52 0 d--h--w- c:\windows\$hf_mig$
    2010-06-19 14:10:19 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
    2010-06-19 14:08:34 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2010-06-19 14:08:31 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2010-06-19 14:08:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2010-06-19 13:26:51 0 d-----w- c:\windows\system32\SoftwareDistribution
    2010-06-19 12:12:20 0 d-sha-r- C:\cmdcons
    2010-06-19 12:08:27 98816 ----a-w- c:\windows\sed.exe
    2010-06-19 12:08:27 77312 ----a-w- c:\windows\MBR.exe
    2010-06-19 12:08:27 256512 ----a-w- c:\windows\PEV.exe
    2010-06-19 12:08:27 161792 ----a-w- c:\windows\SWREG.exe
    2010-06-14 19:19:49 0 d-----w- c:\docume~1\user\applic~1\Malwarebytes
    2010-06-14 19:19:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-06-05 15:59:11 0 d-----w- c:\docume~1\alluse~1\applic~1\BullGuard
    2010-06-05 15:58:24 0 d-----w- c:\program files\BullGuard Ltd

    ==================== Find3M ====================

    2010-06-17 21:06:22 150848 ----a-w- c:\windows\system32\BGLsp.dll
    2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-13 11:40:07 1744 ----a-w- c:\windows\system32\d3d9caps.dat
    2001-11-23 11:08:20 712704 ----a-w- c:\windows\inf\other\AUDIO3D.DLL

    ============= FINISH: 23:01:06.03 ===============

    Attach.txt

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 17/05/2009 13:52:43
    System Uptime: 22/06/2010 21:27:10 (2 hours ago)

    Motherboard: | | K7S8X.
    Processor: AMD Athlon(tm) XP 2600+ | Socket-A | 2087/166mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 37 GiB total, 28.095 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP40: 03/02/2010 17:16:04 - System Checkpoint
    RP41: 23/03/2010 17:51:17 - System Checkpoint
    RP42: 08/04/2010 19:46:59 - System Checkpoint
    RP43: 16/04/2010 12:48:26 - System Checkpoint
    RP44: 18/04/2010 22:26:43 - System Checkpoint
    RP45: 21/04/2010 20:08:11 - System Checkpoint
    RP46: 25/04/2010 12:24:35 - System Checkpoint
    RP47: 28/04/2010 21:34:09 - System Checkpoint
    RP48: 30/04/2010 19:54:36 - System Checkpoint
    RP49: 12/06/2010 14:59:56 - System Checkpoint
    RP50: 13/06/2010 20:09:53 - System Checkpoint
    RP51: 17/06/2010 19:32:01 - System Checkpoint
    RP52: 19/06/2010 13:08:43 - ComboFix created restore point
    RP53: 19/06/2010 15:38:42 - Software Distribution Service 3.0
    RP54: 19/06/2010 16:55:44 - Software Distribution Service 3.0
    RP55: 20/06/2010 18:15:53 - Software Distribution Service 3.0
    RP56: 20/06/2010 19:06:31 - Software Distribution Service 3.0
    RP57: 21/06/2010 18:38:04 - Software Distribution Service 3.0

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    C-Media 3D Audio
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB981793)
    LiveUpdate 3.3 (Symantec Corporation)
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft LifeCam
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mozilla Firefox (3.6.3)
    MSVCRT
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB982381)
    Segoe UI
    Symantec Endpoint Protection
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB982632)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime

    ==== Event Viewer Messages From Past Week ========

    22/06/2010 21:36:41, error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    22/06/2010 21:36:41, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
    22/06/2010 21:36:22, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.
    21/06/2010 18:34:39, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    20/06/2010 18:12:40, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    20/06/2010 18:12:40, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    20/06/2010 18:11:09, error: PlugPlayManager [11] - The device Root\LEGACY_SYMSMR100\0000 disappeared from the system without first being prepared for removal.
    15/06/2010 20:44:41, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: gagp30kx
    15/06/2010 20:44:41, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Symantec AntiVirus service.
    15/06/2010 20:41:58, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    15/06/2010 20:11:19, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    15/06/2010 11:11:32, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    15/06/2010 07:56:59, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

    ==== End Of File ===========================

    Ark.txt
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-06-22 23:31:44
    Windows 5.1.2600 Service Pack 3
    Running: gmer.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\pfloykow.sys


    ---- System - GMER 1.0.15 ----

    SSDT 866A9DF0 ZwAlertResumeThread
    SSDT 865883F0 ZwAlertThread
    SSDT 865E2DB0 ZwAllocateVirtualMemory
    SSDT 865461D8 ZwConnectPort
    SSDT 865C9670 ZwCreateMutant
    SSDT 86566008 ZwCreateThread
    SSDT 86677580 ZwFreeVirtualMemory
    SSDT 866A82F8 ZwImpersonateAnonymousToken
    SSDT 866A9D18 ZwImpersonateThread
    SSDT 86566730 ZwMapViewOfSection
    SSDT 86526360 ZwOpenEvent
    SSDT 8667CC98 ZwOpenProcessToken
    SSDT 86556CE8 ZwOpenThreadToken
    SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwProtectVirtualMemory [0xF7A54280]
    SSDT SysPlant.sys (Symantec CMC Firewall SysPlant/Symantec Corporation) ZwQueryDefaultLocale [0xF76577B0]
    SSDT 86688F90 ZwResumeThread
    SSDT 865911F8 ZwSetContextThread
    SSDT 865650F0 ZwSetInformationProcess
    SSDT 865D62A8 ZwSetInformationThread
    SSDT 865480D0 ZwSuspendProcess
    SSDT 86589240 ZwSuspendThread
    SSDT 86655E90 ZwTerminateProcess
    SSDT 865894B8 ZwTerminateThread
    SSDT 85EC4250 ZwUnmapViewOfSection
    SSDT 86571120 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!_abnormal_termination + 250 804E28BC 4 Bytes CALL 5BD47E2D
    .text ntoskrnl.exe!_abnormal_termination + 3DC 804E2A48 2 Bytes [F0, 50]
    .text ntoskrnl.exe!_abnormal_termination + 3DF 804E2A4B 5 Bytes [86, A8, 62, 5D, 86]
    .text ntoskrnl.exe!_abnormal_termination + 4A0 804E2B0C 2 Bytes [20, 11] {AND [ECX], DL}
    .text ntoskrnl.exe!_abnormal_termination + 4A3 804E2B0F 1 Byte [86]
    ? C:\WINDOWS\system32\drivers\wpsdrvnt.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[280] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\RunDll32.exe[332] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[340] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\vVX1000.exe[368] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\ctfmon.exe[388] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Messenger\msmsgs.exe[404] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\wuauclt.exe[1156] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1196] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1348] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1680] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1680] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1680] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1680] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1680] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1680] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1680] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1680] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1680] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1680] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1680] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1680] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[1768] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[1768] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[1768] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[1768] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[1768] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[1768] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[1768] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[1768] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[1768] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[1768] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[1768] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[1768] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\Explorer.exe[1916] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\Explorer.exe[1916] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\Explorer.exe[1916] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\Explorer.exe[1916] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\Explorer.exe[1916] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\Explorer.exe[1916] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\Explorer.exe[1916] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\Explorer.exe[1916] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\Explorer.exe[1916] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\Explorer.exe[1916] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\Explorer.exe[1916] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\Explorer.exe[1916] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\System32\alg.exe[2224] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\System32\alg.exe[2224] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\System32\alg.exe[2224] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\System32\alg.exe[2224] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\System32\alg.exe[2224] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\System32\alg.exe[2224] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\System32\alg.exe[2224] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\System32\alg.exe[2224] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\System32\alg.exe[2224] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\System32\alg.exe[2224] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\System32\alg.exe[2224] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\WINDOWS\System32\alg.exe[2224] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2740] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2740] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2740] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2740] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2740] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2740] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2740] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2740] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2740] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2740] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2740] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2740] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Documents and Settings\User\My Documents\Downloads\gmer\gmer.exe[3188] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 617752D0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Documents and Settings\User\My Documents\Downloads\gmer\gmer.exe[3188] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 6177530A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Documents and Settings\User\My Documents\Downloads\gmer\gmer.exe[3188] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 61775344 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Documents and Settings\User\My Documents\Downloads\gmer\gmer.exe[3188] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 6177537E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Documents and Settings\User\My Documents\Downloads\gmer\gmer.exe[3188] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 617753B8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Documents and Settings\User\My Documents\Downloads\gmer\gmer.exe[3188] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 617753F2 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Documents and Settings\User\My Documents\Downloads\gmer\gmer.exe[3188] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 6177542C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Documents and Settings\User\My Documents\Downloads\gmer\gmer.exe[3188] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 61775466 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Documents and Settings\User\My Documents\Downloads\gmer\gmer.exe[3188] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 617754A0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Documents and Settings\User\My Documents\Downloads\gmer\gmer.exe[3188] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 617754DA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Documents and Settings\User\My Documents\Downloads\gmer\gmer.exe[3188] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 61775514 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
    .text C:\Documents and Settings\User\My Documents\Downloads\gmer\gmer.exe[3188] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 6177554E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----


    Thank you again if you see this post and sorry for my inconvience.
     
  9. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,812
    that is badly infected

    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully

    Download ComboFix from Here to your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on combofix.exe & follow the prompts.​
    If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
     
  10. ninjitsuboy

    ninjitsuboy Thread Starter

    Joined:
    Jun 13, 2010
    Messages:
    11
    Heres the log

    ComboFix 10-06-23.05 - User 24/06/2010 21:31:16.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.611 [GMT 1:00]
    Running from: c:\documents and settings\User\Desktop\ComboFix.exe
    AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2010-05-24 to 2010-06-24 )))))))))))))))))))))))))))))))
    .

    2010-06-21 17:34 . 2010-06-21 17:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-06-21 17:34 . 2010-06-21 17:34 -------- d-sh--w- c:\documents and settings\User\IECompatCache
    2010-06-21 17:33 . 2010-06-21 17:33 -------- d-sh--w- c:\documents and settings\User\PrivacIE
    2010-06-21 17:20 . 2010-06-21 17:20 -------- d-sh--w- c:\documents and settings\User\IETldCache
    2010-06-20 18:23 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-06-20 18:23 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-06-20 18:23 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2010-06-20 18:23 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-06-20 18:23 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2010-06-20 18:23 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2010-06-20 18:23 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2010-06-20 18:23 . 2010-06-21 17:43 -------- d-----w- c:\windows\ie8updates
    2010-06-20 18:22 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-06-20 18:15 . 2010-06-20 18:22 -------- dc-h--w- c:\windows\ie8
    2010-06-19 15:18 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2010-06-19 15:18 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2010-06-19 15:14 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-06-19 14:58 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-06-19 14:51 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
    2010-06-19 14:48 . 2010-06-19 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2010-06-19 14:47 . 2010-06-19 14:52 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\NPE
    2010-06-19 14:43 . 2010-06-19 14:43 -------- d-----w- c:\windows\system32\KB905474
    2010-06-19 14:38 . 2010-06-21 17:43 -------- d--h--w- c:\windows\$hf_mig$
    2010-06-19 14:10 . 2009-11-27 17:11 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
    2010-06-19 14:08 . 2010-02-16 14:08 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2010-06-19 14:08 . 2010-02-17 08:10 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2010-06-19 14:08 . 2010-02-16 13:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2010-06-14 19:19 . 2010-06-14 19:19 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
    2010-06-14 19:19 . 2010-06-14 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-06-05 17:20 . 2010-06-05 17:20 0 ----a-w- c:\windows\nsreg.dat
    2010-06-05 17:20 . 2010-06-05 17:20 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Mozilla

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-06 10:41 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-02 05:22 . 2008-04-14 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-13 11:40 . 2009-08-22 15:51 1744 ----a-w- c:\windows\system32\d3d9caps.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-11-09 115560]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
    "VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14/06/2010 21:30 102448]
    S2 Regv Controler;Regv Controler;"c:\windows\system32\drivers\Regv.exe" --> c:\windows\system32\drivers\Regv.exe [?]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [29/05/2007 13:55 23888]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-24 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2010-06-19 21:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\35kmanhv.default\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-Cmaudio - cmicnfg.cpl
    SafeBoot-BsScanner



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-24 21:36
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
    "ImagePath"="a"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(4028)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-06-24 21:38:35
    ComboFix-quarantined-files.txt 2010-06-24 20:38
    ComboFix2.txt 2010-06-19 12:20

    Pre-Run: 30,122,684,416 bytes free
    Post-Run: 30,148,730,880 bytes free

    - - End Of File - - 6CB67C35C8BD0B4FCABCC04F8DAF8D21


    Thanks for the fast reply I'll be able to follow your orders and reply back as I have a few days off my exams
     
  11. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,812
    Download the attached CFScript.txt and save it to your desktop ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press SAVE and choose desktop in the list of selections in that window & press save)
    Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished
    Close any open browsers
    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.



    [​IMG]



    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply


    Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum

    This will create a zip file inside C:\QooBox\quarantine named something like [38][email protected]

    at the end it will pop up an alert & open your browser and ask you to send the zip file

    please follow those instructions. We need to see the zip file before we can carry on with the fix

    If there is no pop up alert or open browser then

    please go to http://www.thespykiller.co.uk/index.php?board=1.0 and upload these files so I can examine them and if needed distribute them to antivirus companies.
    Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer, If there is more than 1 file then press the more attachments button for each extra file and browse and select etc and then when all the files are listed in the windows press send to upload the files ( do not post HJT logs there as they will not get dealt with)

    Files to submit:
    the zip file inside C:\QooBox\quarantine created by combofix named something like [38][email protected]

    Ifv there is no zip file don't worry as the file might have already been deleted by your antivirus, in which case just post the new combofix report & tell us how it is
     

    Attached Files:

  12. ninjitsuboy

    ninjitsuboy Thread Starter

    Joined:
    Jun 13, 2010
    Messages:
    11
    I've done what you instructed but I cannot find the zip file
    but here is the log

    ComboFix 10-06-25.04 - User 26/06/2010 12:23:27.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.617 [GMT 1:00]
    Running from: c:\documents and settings\User\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
    AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_AFWCORE
    -------\Legacy_BDSPY
    -------\Legacy_REGV_CONTROLER
    -------\Service_Regv Controler
    -------\Service_vsdatant


    ((((((((((((((((((((((((( Files Created from 2010-05-26 to 2010-06-26 )))))))))))))))))))))))))))))))
    .

    2010-06-21 17:34 . 2010-06-21 17:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-06-21 17:34 . 2010-06-21 17:34 -------- d-sh--w- c:\documents and settings\User\IECompatCache
    2010-06-21 17:33 . 2010-06-21 17:33 -------- d-sh--w- c:\documents and settings\User\PrivacIE
    2010-06-21 17:20 . 2010-06-21 17:20 -------- d-sh--w- c:\documents and settings\User\IETldCache
    2010-06-20 18:23 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-06-20 18:23 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-06-20 18:23 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2010-06-20 18:23 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-06-20 18:23 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2010-06-20 18:23 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2010-06-20 18:23 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2010-06-20 18:23 . 2010-06-21 17:43 -------- d-----w- c:\windows\ie8updates
    2010-06-20 18:22 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-06-20 18:15 . 2010-06-20 18:22 -------- dc-h--w- c:\windows\ie8
    2010-06-19 15:18 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2010-06-19 15:18 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2010-06-19 15:14 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-06-19 14:58 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-06-19 14:51 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
    2010-06-19 14:48 . 2010-06-19 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2010-06-19 14:47 . 2010-06-19 14:52 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\NPE
    2010-06-19 14:43 . 2010-06-19 14:43 -------- d-----w- c:\windows\system32\KB905474
    2010-06-19 14:38 . 2010-06-21 17:43 -------- d--h--w- c:\windows\$hf_mig$
    2010-06-19 14:10 . 2009-11-27 17:11 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
    2010-06-19 14:08 . 2010-02-16 14:08 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2010-06-19 14:08 . 2010-02-17 08:10 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2010-06-19 14:08 . 2010-02-16 13:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2010-06-14 19:19 . 2010-06-14 19:19 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
    2010-06-14 19:19 . 2010-06-14 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-06-05 17:20 . 2010-06-05 17:20 0 ----a-w- c:\windows\nsreg.dat
    2010-06-05 17:20 . 2010-06-05 17:20 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Mozilla

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-06 10:41 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-02 05:22 . 2008-04-14 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-13 11:40 . 2009-08-22 15:51 1744 ----a-w- c:\windows\system32\d3d9caps.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-11-09 115560]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
    "VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14/06/2010 21:30 102448]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [29/05/2007 13:55 23888]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-26 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2010-06-19 21:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\35kmanhv.default\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-26 12:31
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
    "ImagePath"="a"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(1816)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
    c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    .
    **************************************************************************
    .
    Completion time: 2010-06-26 12:38:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-06-26 11:38
    ComboFix2.txt 2010-06-24 20:38
    ComboFix3.txt 2010-06-19 12:20

    Pre-Run: 30,142,169,088 bytes free
    Post-Run: 30,098,522,112 bytes free

    - - End Of File - - C69A0FC83C5B2E22A8C784FD834B50FD

    The computer seems to run much faster and now there isn't anymore pop up from symantec about trojans. Thank you and I'll just standby till I receive your reply
     
  13. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,812
    how is it now
     
  14. ninjitsuboy

    ninjitsuboy Thread Starter

    Joined:
    Jun 13, 2010
    Messages:
    11
    Um, what do you mean by how is it now exactly?
     
  15. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,812
    exactly what it says

    If you don't know then what is the point of me trying to help you. I can't see your copmputer, you can!

    Are you still getting error messages or virus alerts or any other weird behaviour
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/928934