
Clicking links redirects me to advertisements and spam


  • This topic is locked
8 replies to this topic

#1 Lifeson22

Lifeson22

  • Members
  • 3 posts

Posted 19 April 2009 - 02:03 AM

Sometimes clicking links redirects me to advertisements and spam, rather than the intended link I want to view. I have tried spyware removal tools (Malwarebytes, SUPERAntiSpyware), and they found trojans. I removed them, but I'm still having the problem. Also, when searching in Google, if I click a link and then hit the back button in Firefox, it brings me to the original blank search page, not the search results page.

Any help is appreciated
Here is my Hijackthis log:









Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:59:02 AM, on 4/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Button Manager\BM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\jklewkrj.dat.exe
O4 - Startup: MLB.TV NexDef Plug-in.lnk = C:\Documents and Settings\Owner\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe
O4 - Global Startup: HP Button Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Magic-i.lnk = C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1238607269812
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MgiSvr - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9319 bytes



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts

Posted 19 April 2009 - 10:03 AM

Hi Lifeson22,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please give me a little time to go through your log. I will also let you know that I am a trainee, so each stage of the fix will need to be checked by an expert coach before I post, and there may be a slight delay. Don't worry, I won't abandon you.
  • Please subscribe to this topic, if you haven't already, and wait for me to get back to you.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 2 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Thanks
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts

Posted 20 April 2009 - 06:13 AM

Hi Lifeson22,

The tools you have been running may have taken out some of the visible infections so we need to run a couple more search tools.

Please download gmer.zip and save to your desktop.
  • Extract (unzip) the file to its own folder such as C:\Gmer. (Click here for information on how to do this if not sure.)
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • You may be prompted to scan immediately if GMER detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as gmer.log and copy/paste the contents in your next reply.
  • Exit GMER and re-enable all active protection when done.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt.
Thanks
m0le is a proud member of UNITE

#4 Lifeson22

Lifeson22
  • Topic Starter

  • Members
  • 3 posts

Posted 20 April 2009 - 04:46 PM

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-20 17:42:18
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT 89B95D50 ZwAlertResumeThread
SSDT 89631F88 ZwAlertThread
SSDT 89DCAE08 ZwAllocateVirtualMemory
SSDT 89BE8190 ZwConnectPort
SSDT 89CD0EB0 ZwCreateMutant
SSDT 89D23790 ZwCreateThread
SSDT 89C6EAE8 ZwFreeVirtualMemory
SSDT 89D25160 ZwImpersonateAnonymousToken
SSDT 89BA4808 ZwImpersonateThread
SSDT 89B6AF10 ZwMapViewOfSection
SSDT 89DCE518 ZwOpenEvent
SSDT 896078B8 ZwOpenProcessToken
SSDT 89E593F0 ZwOpenThreadToken
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwProtectVirtualMemory [0xB1B61240]
SSDT SysPlant.sys (Symantec CMC Firewall SysPlant/Symantec Corporation) ZwQueryDefaultLocale [0xBA5F2790]
SSDT 89B772B0 ZwResumeThread
SSDT 895C8158 ZwSetContextThread
SSDT 89B54548 ZwSetInformationProcess
SSDT 895FAEB0 ZwSetInformationThread
SSDT 89DFAF88 ZwSuspendProcess
SSDT 89630908 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB1743DF0]
SSDT 87A7C228 ZwTerminateThread
SSDT 89CBFD80 ZwUnmapViewOfSection
SSDT 89DFED60 ZwWriteVirtualMemory

Code 89B9BBE8 ZwEnumerateKey
Code 87AF9CD0 ZwFlushInstructionCache
Code 89CCEE7E IofCallDriver
Code 89B90116 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 89CCEE83
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 89B9011B
.text ntkrnlpa.exe!ZwCallbackReturn + 2D10 805045AC 4 Bytes CALL FEDA0C9B
.text ntkrnlpa.exe!KeReleaseInStackQueuedSpinLockFromDpcLevel + B5D 80541615 5 Bytes JMP BA5F3AD0 SysPlant.sys (Symantec CMC Firewall SysPlant/Symantec Corporation)
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 87AF9CD4
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FD2 5 Bytes JMP 89B9BBEC
.text ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560
.text ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A
.text ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4
.text ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E
.text ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648
.text ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682
.text ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC
.text ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6
.text ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730
.text ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A
.text ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4
.text ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[168] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[168] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[168] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[168] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[168] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[168] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[168] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[168] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[168] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[168] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[168] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[168] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[268] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[268] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[268] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[268] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[268] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[268] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[268] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[268] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[268] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[268] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[268] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[268] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[320] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[320] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[320] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[320] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[320] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[320] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[320] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[320] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[320] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[320] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[320] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[320] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[340] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[340] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[340] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[340] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[340] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[340] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[340] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[340] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[340] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[340] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[340] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[340] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[344] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[344] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[344] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[344] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[344] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[344] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[344] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[344] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[344] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[344] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[344] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[344] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[344] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00EE000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[344] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00F1000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[344] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00EF000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[344] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00F0000A
.text C:\WINDOWS\system32\svchost.exe[412] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[412] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[412] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[412] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[412] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[412] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[412] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[412] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[412] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[412] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[412] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[412] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[448] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[448] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[448] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[448] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[448] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[448] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[448] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[448] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[448] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[448] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[448] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[448] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe[564] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe[564] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe[564] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe[564] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe[564] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe[564] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe[564] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe[564] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe[564] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe[564] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe[564] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe[564] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Owner\My Documents\gmer.exe[716] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Owner\My Documents\gmer.exe[716] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Owner\My Documents\gmer.exe[716] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Owner\My Documents\gmer.exe[716] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Owner\My Documents\gmer.exe[716] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Owner\My Documents\gmer.exe[716] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Owner\My Documents\gmer.exe[716] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Owner\My Documents\gmer.exe[716] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Owner\My Documents\gmer.exe[716] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Owner\My Documents\gmer.exe[716] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Owner\My Documents\gmer.exe[716] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Owner\My Documents\gmer.exe[716] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[864] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[864] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[864] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[864] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[864] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[864] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[864] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[864] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[864] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[864] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[864] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[864] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[892] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[892] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[892] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[892] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[892] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[892] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[892] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[892] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[892] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[892] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[892] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[892] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[912] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[912] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[912] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[912] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[912] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[912] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[912] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[912] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[912] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[912] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[912] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[912] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[956] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[956] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[956] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[956] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[956] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[956] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[956] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[956] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[956] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[956] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[956] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[956] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1028] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1028] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1028] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1028] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1028] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1028] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1028] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1028] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1028] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1028] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1028] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1028] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1164] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1164] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1164] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1164] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1164] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1164] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1164] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1164] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1164] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1164] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1164] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1164] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1324] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1324] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1324] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1324] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1324] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1324] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1324] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1324] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1324] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1324] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1324] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1324] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1348] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1348] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1348] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1348] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1348] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1348] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1348] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1348] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1348] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1348] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1348] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1348] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1360] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1360] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1360] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1360] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1360] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1360] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1360] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1360] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1360] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1360] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1360] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1360] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iPod\bin\iPodService.exe[1448] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iPod\bin\iPodService.exe[1448] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iPod\bin\iPodService.exe[1448] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iPod\bin\iPodService.exe[1448] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iPod\bin\iPodService.exe[1448] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iPod\bin\iPodService.exe[1448] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iPod\bin\iPodService.exe[1448] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iPod\bin\iPodService.exe[1448] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iPod\bin\iPodService.exe[1448] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iPod\bin\iPodService.exe[1448] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iPod\bin\iPodService.exe[1448] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iPod\bin\iPodService.exe[1448] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1544] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1544] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1544] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1544] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1544] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1544] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1544] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1544] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1544] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1544] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1544] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1544] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1676] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1676] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1676] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1676] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1676] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1676] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1676] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1676] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1676] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1676] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1676] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1676] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1720] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1720] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1720] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1720] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1720] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1720] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1720] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1720] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1720] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1720] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1720] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1720] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[1732] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[1732] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[1732] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[1732] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[1732] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[1732] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[1732] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[1732] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[1732] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[1732] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[1732] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[1732] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1868] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1868] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1868] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1868] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1868] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1868] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1868] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1868] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1868] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1868] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1868] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1868] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[1932] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[1932] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[1932] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[1932] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[1932] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[1932] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[1932] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[1932] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[1932] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[1932] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[1932] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[1932] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1948] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1948] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1948] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1948] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1948] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1948] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1948] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1948] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1948] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1948] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1948] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1948] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1988] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1988] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1988] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1988] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1988] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1988] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1988] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1988] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1988] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1988] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1988] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[1988] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2012] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2012] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2012] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2012] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2012] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2012] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2012] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2012] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2012] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2012] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2012] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2012] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[2136] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[2136] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[2136] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[2136] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[2136] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[2136] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[2136] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[2136] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[2136] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[2136] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[2136] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[2136] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Button Manager\BM.exe[2176] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Button Manager\BM.exe[2176] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Button Manager\BM.exe[2176] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Button Manager\BM.exe[2176] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Button Manager\BM.exe[2176] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Button Manager\BM.exe[2176] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Button Manager\BM.exe[2176] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Button Manager\BM.exe[2176] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Button Manager\BM.exe[2176] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Button Manager\BM.exe[2176] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Button Manager\BM.exe[2176] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Button Manager\BM.exe[2176] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2188] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2188] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2188] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2188] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2188] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2188] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2188] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2188] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2188] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2188] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2188] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2188] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe[2208] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe[2208] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe[2208] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe[2208] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe[2208] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe[2208] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe[2208] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe[2208] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe[2208] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe[2208] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe[2208] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe[2208] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2508] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2508] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2508] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2508] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2508] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2508] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2508] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2508] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2508] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2508] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2508] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2508] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[2628] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[2628] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[2628] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[2628] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[2628] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[2628] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[2628] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[2628] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[2628] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[2628] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[2628] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[2628] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2660] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2660] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2660] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2660] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2660] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2660] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2660] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2660] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2660] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2660] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2660] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2660] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wscntfy.exe[2932] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wscntfy.exe[2932] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wscntfy.exe[2932] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wscntfy.exe[2932] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wscntfy.exe[2932] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wscntfy.exe[2932] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wscntfy.exe[2932] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wscntfy.exe[2932] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wscntfy.exe[2932] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wscntfy.exe[2932] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wscntfy.exe[2932] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wscntfy.exe[2932] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[3272] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[3272] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[3272] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[3272] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[3272] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[3272] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[3272] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[3272] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[3272] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[3272] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[3272] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[3272] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3776] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3776] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3776] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3776] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3776] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3776] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3776] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3776] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3776] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3776] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3776] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3776] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3952] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3952] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3952] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3952] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3952] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3952] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3952] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3952] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3952] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3952] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3952] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3952] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4036] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6F025560 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4036] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6F02559A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4036] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6F0255D4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4036] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6F02560E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4036] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6F025648 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4036] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6F025682 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4036] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6F0256BC C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4036] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6F0256F6 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4036] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6F025730 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4036] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6F02576A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4036] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6F0257A4 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4036] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6F0257DE C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device AD3EAD20
Device AD402631

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\gxvxcighrdswjtensdfvnyidwgrhvnbhpxejh.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [344] 0x10000000

---- EOF - GMER 1.0.15 ----


Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-04-20 17:43:21
Microsoft Windows XP Professional Service Pack 3
System drive C: has 49 GB (72%) free of 68 GB
Total RAM: 2046 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:43:24 PM, on 4/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Button Manager\BM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Owner\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\jklewkrj.dat.exe
O4 - Startup: MLB.TV NexDef Plug-in.lnk = C:\Documents and Settings\Owner\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe
O4 - Global Startup: HP Button Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Magic-i.lnk = C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1238607269812
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MgiSvr - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9060 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1827766B-9F49-4854-8034-F6EE26FCB1EC}]
ZILLAbar Browser Helper Object - C:\Program Files\STOPzilla!\SZSG.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-01 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}]
STOPzilla Browser Helper Object - C:\Program Files\STOPzilla!\SZIEBHO.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{98828DED-A591-462F-83BA-D2F62A68B8B8} - STOPzilla - C:\Program Files\STOPzilla!\SZSG.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-08-06 115560]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-11-20 178688]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1024000]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"BlackBerryAutoUpdate"=C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2008-11-04 615696]
"SBAMTray"=C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe [2009-03-17 681256]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Aim6"= []
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\jklewkrj.dat.exe [2009-03-23 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-10-08 1101824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-10-08 995328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-01 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1024000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe [2005-11-18 1724416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2
"Ati HotKey Poller"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Button Manager.lnk - C:\Program Files\HP\Button Manager\BM.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Magic-i.lnk - C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
MLB.TV NexDef Plug-in.lnk - C:\Documents and Settings\Owner\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe"="C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service"
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE"="C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service"
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\trlrm\RMHSvc.exe"="C:\WINDOWS\trlrm\RMHSvc.exe:*:Enabled:RMHSvc.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\trlrm\RMHSvc.exe"="C:\WINDOWS\trlrm\RMHSvc.exe:*:Enabled:RMHSvc.exe"

======List of files/folders created in the last 1 months======

2009-04-20 17:43:21 ----D---- C:\rsit
2009-04-19 02:34:36 ----D---- C:\Program Files\Trend Micro
2009-04-19 02:16:16 ----D---- C:\Documents and Settings\Owner\Application Data\Sunbelt
2009-04-19 02:16:14 ----D---- C:\Documents and Settings\All Users\Application Data\Sunbelt
2009-04-19 02:16:04 ----D---- C:\Program Files\Sunbelt Software
2009-04-19 02:04:06 ----D---- C:\Program Files\AVG
2009-04-19 01:41:47 ----D---- C:\Program Files\Panda Security
2009-04-19 00:56:01 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2009-04-19 00:53:19 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-19 00:51:10 ----D---- C:\Program Files\SUPERAntiSpyware
2009-04-19 00:51:10 ----D---- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2009-04-19 00:50:56 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-04-19 00:29:31 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2009-04-19 00:13:07 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-19 00:06:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-19 00:06:36 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-18 23:48:02 ----A---- C:\WINDOWS\spywall_log.txt
2009-04-18 22:56:35 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-04-18 19:56:11 ----D---- C:\Program Files\Autorun Eater
2009-04-18 16:55:31 ----D---- C:\Program Files\Research In Motion
2009-04-18 16:14:40 ----D---- C:\WINDOWS\system32\appmgmt
2009-04-18 15:51:09 ----D---- C:\Documents and Settings\Owner\Application Data\Research In Motion
2009-04-18 15:49:32 ----D---- C:\Program Files\Common Files\Research In Motion
2009-04-18 02:27:57 ----D---- C:\Documents and Settings\Owner\Application Data\Image Zone Express
2009-04-16 18:17:03 ----SHD---- C:\WINDOWS\ftpcache
2009-04-10 23:21:18 ----D---- C:\Program Files\iPod
2009-04-10 23:21:14 ----D---- C:\Program Files\iTunes
2009-04-10 23:21:14 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-05 22:36:10 ----A---- C:\WINDOWS\system32\gaopdxwcrabwcusdacnttnuqcfscbkmmddugph.dll
2009-04-05 00:22:52 ----D---- C:\Documents and Settings\Owner\Application Data\DivX
2009-04-05 00:22:11 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-04-05 00:22:11 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-04-05 00:22:11 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-04-05 00:22:11 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-04-05 00:22:11 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2009-04-05 00:22:11 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-04-05 00:22:11 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-04-05 00:22:11 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-04-05 00:22:11 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2009-04-05 00:22:11 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-04-05 00:22:11 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-04-05 00:22:11 ----N---- C:\WINDOWS\system32\px.dll
2009-04-05 00:21:48 ----D---- C:\Program Files\Common Files\DivX Shared
2009-04-05 00:21:47 ----D---- C:\Program Files\DivX
2009-04-04 17:31:36 ----D---- C:\WINDOWS\system32\LogFiles
2009-04-03 17:22:20 ----D---- C:\WINDOWS\Sun
2009-04-03 02:00:14 ----HD---- C:\WINDOWS\PIF
2009-04-03 01:46:26 ----D---- C:\Program Files\uTorrent
2009-04-03 01:46:18 ----D---- C:\Documents and Settings\Owner\Application Data\uTorrent
2009-04-02 03:00:21 ----D---- C:\Program Files\MSXML 4.0
2009-04-01 22:59:32 ----D---- C:\Documents and Settings\Owner\Application Data\HP
2009-04-01 22:59:12 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2009-04-01 22:58:27 ----D---- C:\Program Files\Common Files\HP
2009-04-01 22:56:58 ----D---- C:\Program Files\Hewlett-Packard
2009-04-01 22:56:39 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2009-04-01 22:55:49 ----A---- C:\WINDOWS\system32\hpz3l054.dll
2009-04-01 22:51:30 ----A---- C:\WINDOWS\system32\HPZisn12.dll
2009-04-01 22:51:30 ----A---- C:\WINDOWS\system32\HPZipt12.dll
2009-04-01 22:51:30 ----A---- C:\WINDOWS\system32\HPZipr12.dll
2009-04-01 22:51:30 ----A---- C:\WINDOWS\system32\HPZipm12.exe
2009-04-01 22:51:30 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2009-04-01 22:51:30 ----A---- C:\WINDOWS\system32\HPZidr12.dll
2009-04-01 22:51:21 ----A---- C:\WINDOWS\IsUninst.exe
2009-04-01 22:49:50 ----HD---- C:\Config.Msi
2009-04-01 22:45:45 ----A---- C:\WINDOWS\system32\hpowiax2.dll
2009-04-01 22:45:45 ----A---- C:\WINDOWS\system32\hpotiop2.dll
2009-04-01 22:45:44 ----A---- C:\WINDOWS\system32\hpzjsn01.dll
2009-04-01 22:45:44 ----A---- C:\WINDOWS\system32\HPZIDS01.dll
2009-04-01 22:45:44 ----A---- C:\WINDOWS\system32\HPZc3212.dll
2009-04-01 22:45:44 ----A---- C:\WINDOWS\system32\hpovst09.dll
2009-04-01 21:11:02 ----D---- C:\Documents and Settings\Owner\Application Data\Apple Computer
2009-04-01 21:10:55 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-04-01 21:10:36 ----D---- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-04-01 21:10:24 ----D---- C:\Program Files\Bonjour
2009-04-01 21:09:59 ----D---- C:\Program Files\QuickTime
2009-04-01 21:09:57 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-04-01 21:09:44 ----D---- C:\Program Files\Apple Software Update
2009-04-01 21:09:21 ----D---- C:\Program Files\Common Files\Apple
2009-04-01 21:09:21 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-04-01 20:20:46 ----D---- C:\Documents and Settings\Owner\Application Data\ArcSoft
2009-04-01 19:52:04 ----D---- C:\Program Files\HP
2009-04-01 19:51:58 ----D---- C:\Documents and Settings\Owner\Application Data\InstallShield
2009-04-01 19:47:33 ----A---- C:\WINDOWS\PCDLIB32.DLL
2009-04-01 19:47:32 ----A---- C:\WINDOWS\system32\gdiplus.dll
2009-04-01 19:46:31 ----D---- C:\Documents and Settings\All Users\Application Data\ArcSoft
2009-04-01 19:46:14 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-04-01 19:45:58 ----A---- C:\WINDOWS\system32\unicows.dll
2009-04-01 19:45:56 ----A---- C:\WINDOWS\system32\PCDLIB32.DLL
2009-04-01 19:45:55 ----A---- C:\WINDOWS\system32\ArcFakeCapture.dll
2009-04-01 19:45:53 ----D---- C:\Program Files\Common Files\ArcSoft
2009-04-01 19:45:52 ----D---- C:\Program Files\ArcSoft
2009-04-01 18:18:35 ----D---- C:\Documents and Settings\Owner\Application Data\skypePM
2009-04-01 18:16:00 ----D---- C:\Documents and Settings\Owner\Application Data\Skype
2009-04-01 17:47:50 ----D---- C:\Program Files\Common Files\Skype
2009-04-01 17:47:47 ----RD---- C:\Program Files\Skype
2009-04-01 17:47:33 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-04-01 17:42:31 ----D---- C:\Documents and Settings\Owner\Application Data\acccore
2009-04-01 17:42:10 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-04-01 17:42:09 ----D---- C:\Program Files\Viewpoint
2009-04-01 17:42:09 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2009-04-01 17:42:03 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
2009-04-01 17:42:03 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-04-01 17:41:47 ----D---- C:\Program Files\Common Files\AOL
2009-04-01 17:41:35 ----D---- C:\Program Files\AIM6
2009-04-01 17:35:08 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla
2009-04-01 17:35:02 ----D---- C:\Program Files\Mozilla Firefox
2009-04-01 17:15:13 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-04-01 17:14:33 ----D---- C:\Program Files\Microsoft Works
2009-04-01 17:14:25 ----D---- C:\Program Files\MSBuild
2009-04-01 17:14:02 ----D---- C:\Program Files\Microsoft Visual Studio
2009-04-01 17:14:01 ----D---- C:\Program Files\Common Files\DESIGNER
2009-04-01 17:11:05 ----D---- C:\WINDOWS\SHELLNEW
2009-04-01 17:10:38 ----D---- C:\Program Files\Microsoft Office
2009-04-01 17:10:37 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-04-01 17:10:18 ----RHD---- C:\MSOCache
2009-04-01 15:25:47 ----D---- C:\WINDOWS\pss
2009-04-01 15:13:43 ----A---- C:\WINDOWS\system32\javaws.exe
2009-04-01 15:13:43 ----A---- C:\WINDOWS\system32\javaw.exe
2009-04-01 15:13:43 ----A---- C:\WINDOWS\system32\java.exe
2009-04-01 15:13:43 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-04-01 15:13:31 ----D---- C:\Program Files\Java
2009-04-01 15:13:02 ----D---- C:\Documents and Settings\Owner\Application Data\Sun
2009-04-01 15:09:40 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-04-01 15:09:34 ----D---- C:\Documents and Settings\Owner\Application Data\Macromedia
2009-04-01 15:09:34 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe
2009-04-01 15:09:07 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-04-01 15:08:57 ----D---- C:\Program Files\Common Files\Adobe
2009-04-01 15:08:57 ----D---- C:\Program Files\Adobe
2009-04-01 15:08:29 ----D---- C:\Adobe Reader 9 Installer
2009-04-01 15:07:26 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-04-01 15:07:25 ----D---- C:\Program Files\NOS
2009-04-01 14:15:33 ----A---- C:\WINDOWS\tosOBEX.INI
2009-04-01 14:11:42 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2009-04-01 14:11:22 ----A---- C:\WINDOWS\system32\MSVCR71.DLL
2009-04-01 14:11:22 ----A---- C:\WINDOWS\system32\MSVCP71.DLL
2009-04-01 14:11:22 ----A---- C:\WINDOWS\system32\MFC71.DLL
2009-04-01 14:11:22 ----A---- C:\WINDOWS\system32\capicom.dll
2009-04-01 14:11:14 ----D---- C:\Program Files\Symantec
2009-04-01 14:11:14 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-04-01 14:11:14 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-04-01 14:04:51 ----D---- C:\JeffreyBertie(34704)
2009-04-01 13:54:48 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-04-01 13:54:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-04-01 13:54:41 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-04-01 13:54:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-04-01 13:54:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-04-01 13:54:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-04-01 13:54:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-04-01 13:54:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-04-01 13:54:17 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-04-01 13:54:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-04-01 13:54:07 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-04-01 13:54:03 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-04-01 13:53:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-04-01 13:53:55 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-04-01 13:53:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-04-01 13:53:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-04-01 13:53:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-04-01 13:53:37 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-04-01 13:53:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-04-01 13:53:30 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-04-01 13:53:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-04-01 13:53:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-04-01 13:53:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-04-01 13:53:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-04-01 13:53:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-04-01 13:53:05 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-04-01 13:53:01 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-04-01 13:52:18 ----D---- C:\WINDOWS\ie7updates
2009-04-01 13:52:04 ----D---- C:\WINDOWS\WBEM
2009-04-01 13:51:09 ----HDC---- C:\WINDOWS\ie7
2009-04-01 13:51:01 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-04-01 13:50:49 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-04-01 13:50:07 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-01 13:44:01 ----D---- C:\WINDOWS\Downloaded Installations
2009-04-01 13:42:30 ----D---- C:\Program Files\Broadcom
2009-04-01 13:40:02 ----D---- C:\Program Files\ATI Technologies
2009-04-01 13:38:53 ----A---- C:\WINDOWS\system32\Oemdspif.dll
2009-04-01 13:38:53 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2009-04-01 13:38:53 ----A---- C:\WINDOWS\system32\ativcoxx.dll
2009-04-01 13:38:53 ----A---- C:\WINDOWS\system32\atitvo32.dll
2009-04-01 13:38:53 ----A---- C:\WINDOWS\system32\atipdlxx.dll
2009-04-01 13:38:53 ----A---- C:\WINDOWS\system32\atioglxx.dll
2009-04-01 13:38:53 ----A---- C:\WINDOWS\system32\atioglx1.dll
2009-04-01 13:38:53 ----A---- C:\WINDOWS\system32\atikvmag.dll
2009-04-01 13:38:53 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2009-04-01 13:38:53 ----A---- C:\WINDOWS\system32\ATIDEMGR.dll
2009-04-01 13:38:53 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
2009-04-01 13:38:52 ----A---- C:\WINDOWS\system32\ati3duag.dll
2009-04-01 13:38:52 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
2009-04-01 13:38:52 ----A---- C:\WINDOWS\system32\ati2evxx.exe
2009-04-01 13:38:52 ----A---- C:\WINDOWS\system32\ati2evxx.dll
2009-04-01 13:38:52 ----A---- C:\WINDOWS\system32\ati2edxx.dll
2009-04-01 13:38:52 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2009-04-01 13:38:52 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2009-04-01 13:38:00 ----A---- C:\WINDOWS\system32\sfms32.dll
2009-04-01 13:38:00 ----A---- C:\WINDOWS\system32\sfman32.dll
2009-04-01 13:38:00 ----A---- C:\WINDOWS\system32\CiFilter.ini
2009-04-01 13:38:00 ----A---- C:\WINDOWS\system32\CiEcho.dll
2009-04-01 13:38:00 ----A---- C:\WINDOWS\inres.dll
2009-04-01 13:37:56 ----D---- C:\Program Files\Creative
2009-04-01 13:37:56 ----A---- C:\WINDOWS\system32\cifilter.dll
2009-04-01 13:37:21 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-04-01 13:36:59 ----D---- C:\WINDOWS\system32\PreInstall
2009-04-01 13:36:59 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-04-01 13:36:57 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-04-01 13:36:57 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-01 13:36:56 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-04-01 13:35:35 ----D---- C:\Program Files\BlueTooth
2009-04-01 13:35:02 ----A---- C:\WINDOWS\system32\wups2.dll
2009-04-01 13:35:02 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-04-01 13:35:02 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-04-01 13:35:01 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-04-01 13:35:01 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-04-01 13:32:20 ----D---- C:\Program Files\Toshiba
2009-04-01 13:32:08 ----A---- C:\WINDOWS\system32\stlang.dll
2009-04-01 13:32:08 ----A---- C:\WINDOWS\stsystra.exe
2009-04-01 13:32:07 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-04-01 13:32:01 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-01 13:32:01 ----D---- C:\Program Files\SigmaTel
2009-04-01 13:32:01 ----A---- C:\WINDOWS\system32\stacapi.dll
2009-04-01 13:32:01 ----A---- C:\WINDOWS\system32\st325602.dll
2009-04-01 13:31:50 ----D---- C:\Intel
2009-04-01 13:30:51 ----D---- C:\Program Files\DIFX
2009-04-01 13:30:45 ----A---- C:\WINDOWS\system32\snymsico.dll
2009-04-01 13:30:45 ----A---- C:\WINDOWS\system32\rixdicon.dll
2009-04-01 13:29:22 ----D---- C:\Program Files\Synaptics
2009-04-01 13:29:22 ----A---- C:\WINDOWS\system32\SynTPFcs.dll
2009-04-01 13:29:22 ----A---- C:\WINDOWS\system32\SynTPAPI.dll
2009-04-01 13:29:22 ----A---- C:\WINDOWS\system32\SynCtrl.dll
2009-04-01 13:29:22 ----A---- C:\WINDOWS\system32\SynCOM.dll
2009-04-01 13:29:13 ----D---- C:\Program Files\Common Files\InstallShield
2009-04-01 13:28:20 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-04-01 13:26:31 ----D---- C:\Documents and Settings\Owner\Application Data\Intel
2009-04-01 13:26:29 ----A---- C:\WINDOWS\system32\results.txt
2009-04-01 13:26:07 ----D---- C:\Documents and Settings\All Users\Application Data\Intel
2009-04-01 13:25:49 ----N---- C:\WINDOWS\system32\NETw4c32.dll
2009-04-01 13:25:49 ----A---- C:\WINDOWS\system32\NETw4r32.dll
2009-04-01 13:25:48 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-01 13:25:46 ----D---- C:\Program Files\Intel
2009-04-01 13:25:20 ----D---- C:\dell
2009-04-01 13:24:36 ----SHD---- C:\RECYCLER
2009-04-01 13:24:29 ----A---- C:\SEP11_32-Bit.exe
2009-04-01 13:24:26 ----D---- C:\Windows MSOffice2007
2009-04-01 13:24:21 ----D---- C:\Inspiron E1505
2009-04-01 13:21:47 ----D---- C:\Documents and Settings\Owner\Application Data\Identities
2009-04-01 13:21:46 ----HD---- C:\Program Files\Uninstall Information
2009-04-01 13:21:40 ----ASH---- C:\Documents and Settings\Owner\Application Data\desktop.ini
2009-04-01 13:21:39 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2009-04-01 13:21:10 ----D---- C:\untitled folder 2
2009-04-01 13:20:34 ----D---- C:\WINDOWS\SoftwareDistribution
2009-04-01 13:20:33 ----D---- C:\WINDOWS\Prefetch
2009-04-01 13:20:32 ----SD---- C:\WINDOWS\system32\Microsoft
2009-04-01 13:20:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-01 13:17:09 ----D---- C:\WINDOWS\system32\xircom
2009-04-01 13:17:09 ----D---- C:\Program Files\xerox
2009-04-01 13:17:09 ----D---- C:\Program Files\microsoft frontpage
2009-04-01 13:16:53 ----A---- C:\WINDOWS\control.ini
2009-04-01 13:16:53 ----A---- C:\AUTOEXEC.BAT
2009-04-01 13:16:45 ----A---- C:\WINDOWS\OEWABLog.txt
2009-04-01 13:16:41 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-04-01 13:15:56 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-01 13:15:56 ----RD---- C:\WINDOWS\Offline Web Pages
2009-04-01 13:15:56 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-04-01 13:15:51 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-04-01 13:15:47 ----HD---- C:\Program Files\WindowsUpdate
2009-04-01 13:15:29 ----D---- C:\WINDOWS\system32\DirectX
2009-04-01 13:15:23 ----A---- C:\WINDOWS\system32\atrace.dll
2009-04-01 13:15:20 ----A---- C:\WINDOWS\system32\desktop.ini
2009-04-01 13:15:20 ----A---- C:\WINDOWS\desktop.ini
2009-04-01 13:15:13 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-04-01 13:15:12 ----A---- C:\WINDOWS\system32\acctres.dll
2009-04-01 13:15:11 ----D---- C:\Program Files\Common Files\Services
2009-04-01 13:15:09 ----SD---- C:\WINDOWS\Tasks
2009-04-01 13:15:09 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-04-01 13:15:08 ----D---- C:\Program Files\Common Files\MSSoap
2009-04-01 13:15:04 ----D---- C:\WINDOWS\srchasst
2009-04-01 13:15:03 ----D---- C:\WINDOWS\system32\Macromed
2009-04-01 13:15:00 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-04-01 13:15:00 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-04-01 13:15:00 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-04-01 13:15:00 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-04-01 13:14:59 ----A---- C:\WINDOWS\system32\wups.dll
2009-04-01 13:14:59 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-04-01 13:14:59 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-04-01 13:14:59 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-04-01 13:14:59 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-04-01 13:14:58 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-04-01 13:14:58 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-04-01 13:14:58 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2009-04-01 13:14:58 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-04-01 13:14:58 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-04-01 13:14:53 ----D---- C:\Program Files\Movie Maker
2009-04-01 13:14:36 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-04-01 13:14:36 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-04-01 13:14:36 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-04-01 13:14:36 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-04-01 13:14:32 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-04-01 13:14:32 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-04-01 13:14:31 ----D---- C:\WINDOWS\system32\Restore
2009-04-01 13:14:31 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-04-01 13:14:31 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-04-01 13:14:31 ----A---- C:\WINDOWS\system32\srclient.dll
2009-04-01 13:14:30 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-04-01 13:14:30 ----A---- C:\WINDOWS\system32\msconf.dll
2009-04-01 13:14:30 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-04-01 13:14:30 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-04-01 13:14:30 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-04-01 13:14:30 ----A---- C:\WINDOWS\system32\ils.dll
2009-04-01 13:14:27 ----D---- C:\Program Files\NetMeeting
2009-04-01 13:14:27 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-04-01 13:14:27 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-04-01 13:14:25 ----A---- C:\WINDOWS\system32\inetres.dll
2009-04-01 13:14:25 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-04-01 13:14:23 ----D---- C:\Program Files\Outlook Express
2009-04-01 13:14:23 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-04-01 13:14:23 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-04-01 13:14:23 ----A---- C:\WINDOWS\system32\mstask.dll
2009-04-01 13:14:22 ----A---- C:\WINDOWS\system32\isign32.dll
2009-04-01 13:14:22 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-04-01 13:14:22 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-04-01 13:14:22 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-04-01 13:14:16 ----D---- C:\Program Files\Common Files\System
2009-04-01 13:14:09 ----D---- C:\Program Files\Internet Explorer
2009-04-01 13:13:38 ----D---- C:\Program Files\ComPlus Applications
2009-04-01 13:13:36 ----A---- C:\WINDOWS\vbaddin.ini
2009-04-01 13:13:36 ----A---- C:\WINDOWS\vb.ini
2009-04-01 13:13:32 ----D---- C:\WINDOWS\Registration
2009-04-01 13:13:25 ----D---- C:\Program Files\Online Services
2009-04-01 13:13:24 ----D---- C:\Program Files\Windows Media Player
2009-04-01 13:13:18 ----D---- C:\Program Files\Messenger
2009-04-01 13:13:14 ----D---- C:\Program Files\MSN Gaming Zone
2009-04-01 13:13:14 ----A---- C:\WINDOWS\system32\write.exe
2009-04-01 13:13:06 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-04-01 13:13:06 ----A---- C:\WINDOWS\system32\hticons.dll
2009-04-01 13:13:06 ----A---- C:\WINDOWS\system32\avwav.dll
2009-04-01 13:13:05 ----A---- C:\WINDOWS\system32\winchat.exe
2009-04-01 13:13:05 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-04-01 13:13:05 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-04-01 13:13:00 ----A---- C:\WINDOWS\system32\getuname.dll
2009-04-01 13:12:59 ----A---- C:\WINDOWS\system32\winmine.exe
2009-04-01 13:12:59 ----A---- C:\WINDOWS\system32\sol.exe
2009-04-01 13:12:59 ----A---- C:\WINDOWS\system32\charmap.exe
2009-04-01 13:12:59 ----A---- C:\WINDOWS\system32\calc.exe
2009-04-01 13:12:58 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-04-01 13:12:58 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-04-01 13:12:58 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-04-01 13:12:58 ----A---- C:\WINDOWS\system32\tskill.exe
2009-04-01 13:12:58 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-04-01 13:12:58 ----A---- C:\WINDOWS\system32\tscon.exe
2009-04-01 13:12:58 ----A---- C:\WINDOWS\system32\shadow.exe
2009-04-01 13:12:58 ----A---- C:\WINDOWS\system32\reset.exe
2009-04-01 13:12:58 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-04-01 13:12:58 ----A---- C:\WINDOWS\system32\freecell.exe
2009-04-01 13:12:57 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-04-01 13:12:57 ----A---- C:\WINDOWS\system32\regini.exe
2009-04-01 13:12:57 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-04-01 13:12:57 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-04-01 13:12:57 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-04-01 13:12:57 ----A---- C:\WINDOWS\system32\msg.exe
2009-04-01 13:12:57 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-04-01 13:12:57 ----A---- C:\WINDOWS\system32\logoff.exe
2009-04-01 13:12:57 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-04-01 13:12:52 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-04-01 13:12:34 ----D---- C:\Program Files\MSN
2009-04-01 13:12:33 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-04-01 13:12:32 ----D---- C:\Program Files\Windows NT
2009-04-01 13:12:32 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-04-01 13:12:32 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-04-01 13:12:32 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-04-01 13:12:31 ----A---- C:\WINDOWS\system32\spider.exe
2009-04-01 13:12:31 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-04-01 13:12:31 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-04-01 13:12:30 ----D---- C:\WINDOWS\system32\en-US
2009-04-01 13:12:30 ----A---- C:\WINDOWS\system32\tsgqec.dll
2009-04-01 13:12:30 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-04-01 13:12:30 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2009-04-01 13:12:29 ----A---- C:\WINDOWS\system32\aaclient.dll
2009-04-01 13:12:28 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-04-01 13:12:28 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-04-01 13:12:28 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-04-01 13:12:28 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-04-01 13:12:28 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-04-01 13:12:28 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-04-01 13:12:28 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-04-01 13:12:27 ----D---- C:\WINDOWS\system32\MsDtc
2009-04-01 13:12:27 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-04-01 13:12:27 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-04-01 13:12:27 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-04-01 13:12:27 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-04-01 13:12:27 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-04-01 13:12:27 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-04-01 13:12:27 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-04-01 13:12:27 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-04-01 13:12:26 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-04-01 13:12:26 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-04-01 13:12:26 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-04-01 13:12:26 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-04-01 13:12:26 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-04-01 13:12:26 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-04-01 13:12:25 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-04-01 13:12:25 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-04-01 13:12:25 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-04-01 13:12:25 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-04-01 13:12:24 ----D---- C:\WINDOWS\system32\Com
2009-04-01 13:12:24 ----A---- C:\WINDOWS\system32\stclient.dll
2009-04-01 13:12:24 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-04-01 13:12:24 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-04-01 13:12:24 ----A---- C:\WINDOWS\system32\colbact.dll
2009-04-01 13:12:24 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-04-01 13:12:24 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-04-01 13:12:23 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-04-01 13:12:23 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-04-01 13:12:23 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-04-01 13:12:22 ----A---- C:\WINDOWS\system32\comuid.dll
2009-04-01 13:12:22 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-04-01 13:12:22 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-04-01 13:12:15 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-04-01 13:12:15 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-04-01 13:12:15 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-04-01 13:12:15 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-04-01 08:11:00 ----A---- C:\WINDOWS\system32\h323log.txt
2009-04-01 08:09:43 ----A---- C:\WINDOWS\system32\wshirda.dll
2009-04-01 08:09:43 ----A---- C:\WINDOWS\system32\irmon.dll
2009-04-01 08:09:43 ----A---- C:\WINDOWS\system32\irftp.exe
2009-04-01 08:08:31 ----A---- C:\WINDOWS\system32\usbui.dll
2009-04-01 08:07:13 ----A---- C:\WINDOWS\imsins.BAK
2009-04-01 08:07:10 ----SHD---- C:\WINDOWS\Installer
2009-04-01 08:07:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-01 08:07:09 ----D---- C:\Program Files\Common Files\ODBC
2009-04-01 08:07:09 ----A---- C:\WINDOWS\ODBCINST.INI
2009-04-01 08:07:05 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-04-01 08:07:04 ----RD---- C:\Program Files
2009-04-01 08:07:04 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-04-01 08:07:04 ----D---- C:\Program Files\Common Files
2009-04-01 08:07:01 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-04-01 08:07:01 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-04-01 08:07:01 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-04-01 08:07:00 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-04-01 08:07:00 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-04-01 08:07:00 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-04-01 08:07:00 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-04-01 08:07:00 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-04-01 08:07:00 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-04-01 08:07:00 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-04-01 08:07:00 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-04-01 08:07:00 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-04-01 08:06:59 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-04-01 08:06:59 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-04-01 08:06:59 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-04-01 08:06:58 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-04-01 08:06:58 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-04-01 08:06:58 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-04-01 08:06:58 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-04-01 08:06:58 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-04-01 08:06:58 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-04-01 08:06:58 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-04-01 08:06:57 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-04-01 08:06:57 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-04-01 08:06:57 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-04-01 08:06:57 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-04-01 08:06:57 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-04-01 08:06:55 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-04-01 08:06:55 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-04-01 08:06:55 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-04-01 08:06:55 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-04-01 08:06:55 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-04-01 08:06:55 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-04-01 08:06:55 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-04-01 08:06:55 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-04-01 08:06:55 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-04-01 08:06:55 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-04-01 08:06:55 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-04-01 08:06:55 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-04-01 08:06:55 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-04-01 08:06:53 ----A---- C:\WINDOWS\system32\irclass.dll
2009-04-01 08:06:53 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-04-01 08:06:53 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-04-01 08:06:52 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-04-01 08:06:52 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-04-01 08:06:50 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-04-01 08:06:50 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-04-01 08:06:50 ----A---- C:\WINDOWS\system32\batt.dll
2009-04-01 08:06:49 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-04-01 08:06:48 ----A---- C:\WINDOWS\system32\storprop.dll
2009-04-01 08:06:40 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-04-01 08:06:37 ----RA---- C:\WINDOWS\SET8.tmp
2009-04-01 08:06:34 ----RA---- C:\WINDOWS\SET4.tmp
2009-04-01 08:06:33 ----RA---- C:\WINDOWS\SET3.tmp
2009-04-01 08:06:28 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-01 08:06:28 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-01 08:06:22 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-01 08:05:59 ----A---- C:\WINDOWS\setuplog.txt
2009-04-01 08:05:55 ----SHD---- C:\System Volume Information
2009-04-01 08:05:55 ----D---- C:\Documents and Settings
2009-04-01 07:57:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-01 07:57:42 ----RSD---- C:\WINDOWS\Fonts
2009-04-01 07:57:42 ----RD---- C:\WINDOWS\Web
2009-04-01 07:57:42 ----HD---- C:\WINDOWS\inf
2009-04-01 07:57:42 ----D---- C:\WINDOWS\WinSxS
2009-04-01 07:57:42 ----D---- C:\WINDOWS\twain_32
2009-04-01 07:57:42 ----D---- C:\WINDOWS\Temp
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32\wins
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32\wbem
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32\usmt
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32\spool
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32\ShellExt
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32\Setup
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32\scripting
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32\ras
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32\oobe
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32\npp
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32\mui
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32\inetsrv
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32\IME
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32\icsxml
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32\ias
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32\export
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32\en
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32\drivers
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32\dhcp
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32\config
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32\3com_dmi
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32\3076
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32\2052
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32\1054
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32\1042
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32\1041
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32\1037
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32\1033
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32\1031
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32\1028
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32\1025
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system32
2009-04-01 07:57:42 ----D---- C:\WINDOWS\system
2009-04-01 07:57:42 ----D---- C:\WINDOWS\security
2009-04-01 07:57:42 ----D---- C:\WINDOWS\Resources
2009-04-01 07:57:42 ----D---- C:\WINDOWS\repair
2009-04-01 07:57:42 ----D---- C:\WINDOWS\Provisioning
2009-04-01 07:57:42 ----D---- C:\WINDOWS\PeerNet
2009-04-01 07:57:42 ----D---- C:\WINDOWS\pchealth
2009-04-01 07:57:42 ----D---- C:\WINDOWS\Network Diagnostic
2009-04-01 07:57:42 ----D---- C:\WINDOWS\mui
2009-04-01 07:57:42 ----D---- C:\WINDOWS\msapps
2009-04-01 07:57:42 ----D---- C:\WINDOWS\msagent
2009-04-01 07:57:42 ----D---- C:\WINDOWS\Media
2009-04-01 07:57:42 ----D---- C:\WINDOWS\L2Schemas
2009-04-01 07:57:42 ----D---- C:\WINDOWS\java
2009-04-01 07:57:42 ----D---- C:\WINDOWS\ime
2009-04-01 07:57:42 ----D---- C:\WINDOWS\Help
2009-04-01 07:57:42 ----D---- C:\WINDOWS\ehome
2009-04-01 07:57:42 ----D---- C:\WINDOWS\Driver Cache
2009-04-01 07:57:42 ----D---- C:\WINDOWS\Debug
2009-04-01 07:57:42 ----D---- C:\WINDOWS\Cursors
2009-04-01 07:57:42 ----D---- C:\WINDOWS\Connection Wizard
2009-04-01 07:57:42 ----D---- C:\WINDOWS\Config
2009-04-01 07:57:42 ----D---- C:\WINDOWS\AppPatch
2009-04-01 07:57:42 ----D---- C:\WINDOWS\addins
2009-04-01 07:57:42 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2009-04-01 22:59:24 ----A---- C:\WINDOWS\win.ini
2009-04-01 18:30:12 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-08-14 250416]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-08-14 25136]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-01-09 191544]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R1 WPS;WPS; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-04-01 21361]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-08-27 12288]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 ARCSOFTVIRTUALCAPTURE;Magic-i Virtual Driver; C:\WINDOWS\system32\DRIVERS\ArcSoftVirtualCapture.sys [2007-07-02 15616]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWS\system32\drivers\ctusfsyn.sys [2005-05-25 158464]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2006-01-04 1389056]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090419.024\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090419.024\NAVEX15.SYS []
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-01-09 27576]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-12-06 220032]
R3 Teefer2;Teefer2 Miniport; C:\WINDOWS\system32\DRIVERS\teefer2.sys [2007-08-06 49024]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-06-13 47488]
R3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-06-13 111232]
R3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-03-16 37632]
R3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-05-29 60672]
R3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-06-09 40192]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 WpsHelper;WpsHelper; \??\C:\WINDOWS\system32\drivers\WpsHelper.sys []
S3 BCOREUSB;BCOREUSB.Sys CSR test driver; C:\WINDOWS\System32\Drivers\BCOREUSB.sys [2005-10-03 86867]
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 qjqabsah;qjqabsah; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\qjqabsah.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
S3 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2007-08-14 277040]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2006-03-15 52864]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 vsdatant;vsdatant; a []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-11-19 109056]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-08-06 108392]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-08-06 108392]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-10-08 794624]
R2 MgiSvr;MgiSvr; C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe [2006-11-13 76544]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-10-08 483328]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-10-08 1183744]
R2 SmcService;Symantec Management Client; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [2007-09-07 2532736]
R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2007-09-06 2177464]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-10-08 356352]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S2 SBAMSvc;CounterSpy Antispyware; C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe [2009-03-17 894248]
S2 szserver;STOPzilla Service; C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe []
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-08-11 3093872]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SNAC;Symantec Network Access Control; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [2007-09-07 234888]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600]
S4 Bluetooth Hid Switch Service;Bluetooth Hid Switch Service; C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe [2005-08-30 188416]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-01 152984]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-04-20 17:43:27

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Magic-i 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAB046D7-C187-4648-A1A9-FC875F7E3FCE}\setup.exe" -l0x9
ArcSoft VideoImpression 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{719842F9-FF69-4BA6-A6FE-52244575E0B3}\setup.exe" -l0x9
ArcSoft WebCam Companion 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB67266-D1A3-4CCC-8EB2-16770AB1FB76}\setup.exe" -l0x9
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
BlackBerry Desktop Software 4.7-->MsiExec.exe /I{98DC111A-7C22-4C26-B2A1-E654264DAC1E}
BlackBerry Desktop Software 4.7-->MsiExec.exe /i{98DC111A-7C22-4C26-B2A1-E654264DAC1E}
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A}
Broadcom Management Programs-->MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Button Manager-->C:\Program Files\InstallShield Installation Information\{CA634931-0CC3-4067-ABCC-7182E1DC23B7}\setup.exe -runfromtemp -l0x0009 -removeonly
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Webcam User’s Guide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D31612BB-C6D7-4142-96AE-16DB062354CF}\setup.exe" -l0x9
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
LiveUpdate 3.3 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
MLB.TV NexDef Plug-in-->C:\Documents and Settings\Owner\Local Settings\Application Data\Autobahn\Uninstall.exe
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sound Blaster ADVANCED MB Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x9 /remove
STOPzilla-->MsiExec.exe /X{7A5E68D5-DEA7-4067-B191-B4AE756C057B}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec Endpoint Protection-->MsiExec.exe /I{FB8A4E30-9915-4814-ADF9-42E00D9FDC3D}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\dpinst.exe /us C:\PROGRA~1\DIFX\UninstallScripts\4569969E1360D2854474C661EF9B4D54F143EB16
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"

======Security center information======

AV: Symantec Endpoint Protection
FW: Symantec Endpoint Protection

======System event log======

Computer Name: OWNER-756A222BC
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 001302A07D5D. The IP address being used is 169.254.74.216.

Record Number: 2725
Source Name: Dhcp
Time Written: 20090414100045.000000-240
Event Type: warning
User:

Computer Name: OWNER-756A222BC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001302A07D5D. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 2724
Source Name: Dhcp
Time Written: 20090414100039.000000-240
Event Type: warning
User:

Computer Name: OWNER-756A222BC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001302A07D5D. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 2693
Source Name: Dhcp
Time Written: 20090413183932.000000-240
Event Type: warning
User:

Computer Name: OWNER-756A222BC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001302A07D5D. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 2692
Source Name: Dhcp
Time Written: 20090413183930.000000-240
Event Type: warning
User:

Computer Name: OWNER-756A222BC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001302A07D5D. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 2691
Source Name: Dhcp
Time Written: 20090413183930.000000-240
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\Common Files\ArcSoft\Bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\DivX Shared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

#5 m0le

  • Malware Response Team

Posted 21 April 2009 - 06:18 AM

Hi Lifeson22,

Yes, there's some malware hiding away.

Firstly,

The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow users to share files, as the name(s) suggest. In today's world cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


Now on with the fix....

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#6 Lifeson22

  • Topic Starter

Posted 21 April 2009 - 01:46 PM

ComboFix 09-04-21.A8 - Owner 04/21/2009 14:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1501 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated)
FW: Symantec Endpoint Protection *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\drivers\gxvxcrarxcrgarqwwpuifswoiqdokhirkxbsc.sys
c:\windows\system32\gaopdxwcrabwcusdacnttnuqcfscbkmmddugph.dll
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcighrdswjtensdfvnyidwgrhvnbhpxejh.dll
d:\recycler\S-4-5-70-100026889-100023008-100029441-1186.com

----- BITS: Possible infected sites -----

hxxp://updates.swarmcast.net
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-03-21 to 2009-04-21 )))))))))))))))))))))))))))))))
.

2009-04-21 02:48 . 2009-04-21 02:48 -------- d-----w c:\documents and settings\Owner\Application Data\Move Networks
2009-04-20 21:43 . 2009-04-20 21:43 -------- d-----w C:\rsit
2009-04-19 06:16 . 2009-04-19 06:16 -------- d-----w c:\documents and settings\Owner\Application Data\Sunbelt
2009-04-19 06:16 . 2009-04-19 06:16 -------- d-----w c:\documents and settings\All Users\Application Data\Sunbelt
2009-04-19 04:56 . 2009-04-19 04:56 -------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!
2009-04-19 04:53 . 2009-04-19 04:53 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-19 04:51 . 2009-04-19 04:51 -------- d-----w c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-04-19 04:29 . 2009-04-19 04:29 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-04-19 04:06 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-19 04:06 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-19 04:06 . 2009-04-19 04:06 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-19 03:48 . 2009-04-19 03:51 36 ---h--r c:\windows\sued.dat
2009-04-19 02:56 . 2009-04-19 05:59 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-18 19:51 . 2009-04-18 21:37 256 ----a-w c:\windows\system32\pool.bin
2009-04-18 19:51 . 2009-04-18 19:51 -------- d-----w c:\documents and settings\Owner\Application Data\Research In Motion
2009-04-18 19:50 . 2007-01-18 14:24 26496 ----a-r c:\windows\system32\drivers\RimSerial.sys
2009-04-18 06:27 . 2009-04-18 06:27 -------- d-----w c:\documents and settings\Owner\Application Data\Image Zone Express
2009-04-16 22:17 . 2009-04-16 22:17 -------- d-sh--w c:\windows\ftpcache
2009-04-11 03:21 . 2009-04-11 03:21 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-04 21:31 . 2009-04-04 21:31 -------- d-----w c:\windows\system32\LogFiles
2009-04-03 21:23 . 2009-04-06 22:32 -------- d-----w c:\documents and settings\Owner\.autobahn
2009-04-03 21:23 . 2009-04-06 22:32 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Autobahn
2009-04-03 21:22 . 2009-04-06 22:32 -------- d-----w c:\documents and settings\Owner\Swarmcast
2009-04-03 21:22 . 2009-04-03 21:22 -------- d-----w c:\windows\Sun
2009-04-03 06:00 . 2009-04-03 06:00 -------- d--h--w c:\windows\PIF
2009-04-03 05:46 . 2009-04-17 22:48 -------- d-----w c:\documents and settings\Owner\Application Data\uTorrent
2009-04-02 02:59 . 2009-04-02 02:59 -------- d-----w c:\documents and settings\Owner\Application Data\HP
2009-04-02 02:59 . 2009-04-02 02:59 -------- d-----w c:\documents and settings\All Users\Application Data\HP
2009-04-02 02:55 . 2006-04-10 18:03 38400 ----a-w c:\windows\system32\hpz3l054.dll
2009-04-02 02:52 . 2008-04-14 04:15 15104 -c--a-w c:\windows\system32\dllcache\usbscan.sys
2009-04-02 02:52 . 2008-04-14 04:15 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-04-02 02:51 . 2006-03-04 01:03 282680 ----a-w c:\windows\system32\HPZidr12.dll
2009-04-02 02:51 . 2006-03-04 01:03 65536 ----a-w c:\windows\system32\HPZinw12.exe
2009-04-02 02:51 . 2006-03-04 01:03 69632 ----a-w c:\windows\system32\HPZipm12.exe
2009-04-02 02:51 . 2006-03-04 01:02 204800 ----a-w c:\windows\system32\HPZipr12.dll
2009-04-02 02:51 . 2006-03-04 01:02 94208 ----a-w c:\windows\system32\HPZipt12.dll
2009-04-02 02:51 . 2006-03-04 01:02 57344 ----a-w c:\windows\system32\HPZisn12.dll
2009-04-02 02:51 . 1998-10-29 20:45 306688 ----a-w c:\windows\IsUninst.exe
2009-04-02 02:50 . 2008-04-14 04:17 25856 -c--a-w c:\windows\system32\dllcache\usbprint.sys
2009-04-02 02:50 . 2008-04-14 04:17 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-04-02 02:49 . 2009-04-02 02:59 117130 ----a-w c:\windows\hpoins11.dat
2009-04-02 02:47 . 2006-04-13 00:04 49664 ----a-w c:\windows\system32\drivers\HPZid412.sys
2009-04-02 02:47 . 2006-04-13 00:04 21568 ----a-w c:\windows\system32\drivers\HPZius12.sys
2009-04-02 02:47 . 2006-04-13 00:04 16496 ----a-w c:\windows\system32\drivers\HPZipr12.sys
2009-04-02 02:45 . 2006-04-13 00:02 659456 ----a-w c:\windows\system32\hpowiax2.dll
2009-04-02 02:45 . 2006-04-13 00:02 827392 ----a-w c:\windows\system32\hpotiop2.dll
2009-04-02 02:45 . 2006-04-13 00:04 282624 ----a-w c:\windows\system32\HPZc3212.dll
2009-04-02 02:45 . 2006-04-13 00:02 254026 ----a-w c:\windows\system32\hpovst09.dll
2009-04-02 02:45 . 2006-01-04 08:12 77824 ----a-w c:\windows\system32\HPZIDS01.dll
2009-04-02 02:45 . 2005-07-19 01:38 98304 ----a-w c:\windows\system32\hpzjsn01.dll
2009-04-02 02:44 . 2006-05-05 23:17 11634 ----a-w c:\windows\hpomdl11.dat
2009-04-02 01:11 . 2009-04-02 01:11 -------- d-----w c:\documents and settings\Owner\Application Data\Apple Computer
2009-04-02 01:10 . 2009-03-19 20:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-02 01:10 . 2008-04-17 16:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-02 01:10 . 2009-04-02 01:10 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-04-02 01:09 . 2009-04-02 01:10 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-02 01:09 . 2009-04-02 01:09 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Apple
2009-04-02 01:09 . 2009-04-02 01:09 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-04-02 01:08 . 2009-04-02 01:11 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
2009-04-02 00:20 . 2009-04-07 00:22 -------- d-----w c:\documents and settings\Owner\Application Data\ArcSoft
2009-04-01 23:52 . 2008-04-14 04:15 10368 -c--a-w c:\windows\system32\dllcache\hidusb.sys
2009-04-01 23:52 . 2008-04-14 04:15 10368 ----a-w c:\windows\system32\drivers\hidusb.sys
2009-04-01 23:52 . 2008-04-14 04:15 60032 -c--a-w c:\windows\system32\dllcache\usbaudio.sys
2009-04-01 23:52 . 2008-04-14 04:15 60032 ----a-w c:\windows\system32\drivers\USBAUDIO.sys
2009-04-01 23:52 . 2008-04-14 09:42 20992 -c--a-w c:\windows\system32\dllcache\dshowext.ax
2009-04-01 23:52 . 2008-04-14 09:42 20992 ----a-w c:\windows\system32\dshowext.ax
2009-04-01 23:52 . 2008-04-14 04:16 121984 -c--a-w c:\windows\system32\dllcache\usbvideo.sys
2009-04-01 23:52 . 2008-04-14 04:16 121984 ----a-w c:\windows\system32\drivers\usbvideo.sys
2009-04-01 23:52 . 2008-04-14 04:15 32128 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-04-01 23:52 . 2008-04-14 04:15 32128 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-04-01 23:51 . 2009-04-01 23:51 -------- d-----w c:\documents and settings\Owner\Application Data\InstallShield
2009-04-01 23:48 . 2009-04-01 23:48 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\ArcSoft
2009-04-01 23:47 . 2006-11-10 19:05 18688 ----a-w c:\windows\system32\drivers\afc.sys
2009-04-01 23:47 . 1995-08-01 08:44 212480 ----a-w c:\windows\PCDLIB32.DLL
2009-04-01 23:47 . 2004-05-04 15:53 1645320 ----a-w c:\windows\system32\gdiplus.dll
2009-04-01 23:45 . 2005-04-27 20:36 245408 ----a-w c:\windows\system32\unicows.dll
2009-04-01 23:45 . 2007-07-02 19:08 15616 ----a-w c:\windows\system32\drivers\ArcSoftVirtualCapture.sys
2009-04-01 23:45 . 2006-03-30 20:53 212480 ----a-w c:\windows\system32\PCDLIB32.DLL
2009-04-01 23:45 . 2006-12-07 13:22 49152 ----a-w c:\windows\system32\ArcFakeCapture.dll
2009-04-01 23:36 . 2009-04-02 02:14 68840 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-01 22:18 . 2009-04-01 22:18 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-04-01 22:18 . 2009-04-21 03:18 -------- d-----w c:\documents and settings\Owner\Application Data\skypePM
2009-04-01 22:16 . 2009-04-21 04:00 -------- d-----w c:\documents and settings\Owner\Application Data\Skype
2009-04-01 21:47 . 2009-04-01 21:47 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-04-01 21:42 . 2009-04-01 21:42 -------- d-----w c:\documents and settings\Owner\Application Data\acccore
2009-04-01 21:42 . 2009-04-01 21:42 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\AOL OCP
2009-04-01 21:42 . 2009-04-01 21:42 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\AOL
2009-04-01 21:42 . 2009-04-01 21:42 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-01 21:42 . 2009-04-01 21:42 -------- d-----w c:\documents and settings\All Users\Application Data\acccore
2009-04-01 21:42 . 2009-04-01 21:42 -------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP
2009-04-01 21:42 . 2009-04-01 21:42 -------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-04-01 21:41 . 2009-04-01 21:42 458 ---ha-w C:\IPH.PH
2009-04-01 21:35 . 2009-04-01 21:35 0 ----a-w c:\windows\nsreg.dat
2009-04-01 21:35 . 2009-04-01 21:35 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2009-04-01 21:15 . 2006-10-26 23:56 32592 ----a-w c:\windows\system32\msonpmon.dll
2009-04-01 21:11 . 2009-04-01 21:13 -------- d-----w c:\windows\SHELLNEW
2009-04-01 21:10 . 2009-04-01 21:10 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Microsoft Help
2009-04-01 21:10 . 2009-04-01 21:15 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-01 21:10 . 2009-04-01 21:10 -------- d--h--r C:\MSOCache
2009-04-01 19:13 . 2009-04-01 19:13 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-01 19:13 . 2009-04-01 19:13 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-01 19:08 . 2009-04-01 19:08 -------- d-----w C:\Adobe Reader 9 Installer
2009-04-01 19:07 . 2009-04-03 20:51 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Adobe
2009-04-01 19:07 . 2009-04-01 19:24 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-04-01 18:57 . 2008-04-14 09:42 116224 -c--a-w c:\windows\system32\dllcache\xrxwiadr.dll
2009-04-01 18:57 . 2001-08-18 02:36 23040 -c--a-w c:\windows\system32\dllcache\xrxwbtmp.dll
2009-04-01 18:57 . 2008-04-14 09:42 18944 -c--a-w c:\windows\system32\dllcache\xrxscnui.dll
2009-04-01 18:57 . 2001-08-18 02:37 27648 -c--a-w c:\windows\system32\dllcache\xrxftplt.exe
2009-04-01 18:57 . 2001-08-18 02:37 4608 -c--a-w c:\windows\system32\dllcache\xrxflnch.exe
2009-04-01 18:57 . 2001-08-18 02:37 99865 -c--a-w c:\windows\system32\dllcache\xlog.exe
2009-04-01 18:57 . 2001-08-17 16:11 16970 -c--a-w c:\windows\system32\dllcache\xem336n5.sys
2009-04-01 18:57 . 2008-04-14 02:04 19455 -c--a-w c:\windows\system32\dllcache\wvchntxx.sys
2009-04-01 18:55 . 2008-04-14 02:04 11807 -c--a-w c:\windows\system32\dllcache\wadv07nt.sys
2009-04-01 18:54 . 2001-08-17 17:28 765884 -c--a-w c:\windows\system32\dllcache\usrti.sys
2009-04-01 18:54 . 2001-08-17 17:28 113762 -c--a-w c:\windows\system32\dllcache\usrpda.sys
2009-04-01 18:54 . 2001-08-17 17:28 7556 -c--a-w c:\windows\system32\dllcache\usroslba.sys
2009-04-01 18:54 . 2001-08-17 17:28 224802 -c--a-w c:\windows\system32\dllcache\usr1807a.sys
2009-04-01 18:54 . 2001-08-17 17:28 794399 -c--a-w c:\windows\system32\dllcache\usr1806v.sys
2009-04-01 18:54 . 2001-08-17 17:28 793598 -c--a-w c:\windows\system32\dllcache\usr1806.sys
2009-04-01 18:54 . 2001-08-17 17:28 794654 -c--a-w c:\windows\system32\dllcache\usr1801.sys
2009-04-01 18:54 . 2008-04-14 04:15 26112 -c--a-w c:\windows\system32\dllcache\usbser.sys
2009-04-01 18:54 . 2008-04-14 04:15 17152 -c--a-w c:\windows\system32\dllcache\usbohci.sys
2009-04-01 18:54 . 2008-04-14 04:26 12800 -c--a-w c:\windows\system32\dllcache\usb8023x.sys
2009-04-01 18:54 . 2008-04-14 02:05 32384 -c--a-w c:\windows\system32\dllcache\usb101et.sys
2009-04-01 18:53 . 2001-08-18 02:36 94720 -c--a-w c:\windows\system32\dllcache\umaxud32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 06:34 . 2009-04-19 06:34 -------- d-----w c:\program files\Trend Micro
2009-04-19 06:16 . 2009-04-19 06:16 -------- d-----w c:\program files\Sunbelt Software
2009-04-19 06:04 . 2009-04-19 06:04 -------- d-----w c:\program files\AVG
2009-04-19 05:59 . 2009-04-19 05:41 -------- d-----w c:\program files\Panda Security
2009-04-19 04:53 . 2009-04-19 04:51 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-19 04:52 . 2009-04-18 19:49 -------- d-----w c:\program files\Common Files\Research In Motion
2009-04-19 04:51 . 2009-04-18 23:56 -------- d-----w c:\program files\Autorun Eater
2009-04-19 04:50 . 2009-04-19 04:50 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-19 04:46 . 2009-04-19 04:06 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-18 20:55 . 2009-04-18 20:55 -------- d-----w c:\program files\Research In Motion
2009-04-11 03:21 . 2009-04-11 03:21 -------- d-----w c:\program files\iTunes
2009-04-11 03:21 . 2009-04-11 03:21 -------- d-----w c:\program files\iPod
2009-04-11 03:21 . 2009-04-02 01:09 -------- d-----w c:\program files\Common Files\Apple
2009-04-08 15:19 . 2009-04-01 17:32 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-08 15:18 . 2009-04-01 23:46 -------- d-----w c:\documents and settings\All Users\Application Data\ArcSoft
2009-04-05 04:22 . 2009-04-05 04:22 -------- d-----w c:\documents and settings\Owner\Application Data\DivX
2009-04-05 04:22 . 2009-04-05 04:21 -------- d-----w c:\program files\DivX
2009-04-05 04:21 . 2009-04-05 04:21 -------- d-----w c:\program files\Common Files\DivX Shared
2009-04-03 05:46 . 2009-04-03 05:46 -------- d-----w c:\program files\uTorrent
2009-04-02 07:00 . 2009-04-02 07:00 -------- d-----w c:\program files\MSXML 4.0
2009-04-02 02:59 . 2009-04-01 23:52 -------- d-----w c:\program files\HP
2009-04-02 02:58 . 2009-04-02 02:58 -------- d-----w c:\program files\Common Files\HP
2009-04-02 02:57 . 2009-04-02 02:56 -------- d-----w c:\program files\Hewlett-Packard
2009-04-02 02:56 . 2009-04-02 02:56 -------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-04-02 01:10 . 2009-04-02 01:10 -------- d-----w c:\program files\Bonjour
2009-04-02 01:10 . 2009-04-02 01:09 -------- d-----w c:\program files\QuickTime
2009-04-02 01:09 . 2009-04-02 01:09 -------- d-----w c:\program files\Apple Software Update
2009-04-01 23:48 . 2009-04-01 23:45 -------- d-----w c:\program files\ArcSoft
2009-04-01 23:46 . 2009-04-01 23:45 -------- d-----w c:\program files\Common Files\ArcSoft
2009-04-01 21:59 . 2009-04-01 17:16 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-01 21:47 . 2009-04-01 21:47 -------- d-----w c:\program files\Common Files\Skype
2009-04-01 21:47 . 2009-04-01 21:47 -------- d-----r c:\program files\Skype
2009-04-01 21:42 . 2009-04-01 21:41 -------- d-----w c:\program files\AIM6
2009-04-01 21:42 . 2009-04-01 21:42 -------- d-----w c:\program files\Viewpoint
2009-04-01 21:41 . 2009-04-01 21:41 -------- d-----w c:\program files\Common Files\AOL
2009-04-01 21:14 . 2009-04-01 21:14 -------- d-----w c:\program files\Microsoft Works
2009-04-01 21:14 . 2009-04-01 21:14 -------- d-----w c:\program files\MSBuild
2009-04-01 19:24 . 2009-04-01 19:07 -------- d-----w c:\program files\NOS
2009-04-01 19:13 . 2009-04-01 19:13 -------- d-----w c:\program files\Java
2009-04-01 19:09 . 2009-04-01 19:09 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-01 19:09 . 2009-04-01 19:08 -------- d-----w c:\program files\Common Files\Adobe
2009-04-01 18:12 . 2009-04-01 18:11 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-01 18:11 . 2009-04-01 18:11 -------- d-----w c:\program files\Symantec
2009-04-01 17:46 . 2009-04-01 17:42 -------- d-----w c:\program files\Broadcom
2009-04-01 17:40 . 2009-04-01 17:40 -------- d-----w c:\program files\ATI Technologies
2009-04-01 17:40 . 2009-04-01 17:29 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-01 17:37 . 2009-04-01 17:37 -------- d-----w c:\program files\Creative
2009-04-01 17:35 . 2009-04-01 17:35 -------- d-----w c:\program files\BlueTooth
2009-04-01 17:32 . 2009-04-01 17:32 -------- d-----w c:\program files\Toshiba
2009-04-01 17:32 . 2009-04-01 17:32 -------- d-----w c:\program files\SigmaTel
2009-04-01 17:30 . 2009-04-01 17:30 -------- d-----w c:\program files\DIFX
2009-04-01 17:29 . 2009-04-01 17:29 -------- d-----w c:\program files\Synaptics
2009-04-01 17:28 . 2009-04-01 17:25 -------- d-----w c:\program files\Intel
2009-04-01 17:26 . 2009-04-01 17:26 -------- d-----w c:\documents and settings\Owner\Application Data\Intel
2009-04-01 17:26 . 2009-04-01 17:26 -------- d-----w c:\documents and settings\NetworkService\Application Data\Intel
2009-04-01 17:26 . 2009-04-01 17:26 -------- d-----w c:\documents and settings\LocalService\Application Data\Intel
2009-04-01 17:26 . 2009-04-01 17:26 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\Intel
2009-04-01 17:26 . 2009-04-01 17:26 -------- d-----w c:\documents and settings\All Users\Application Data\Intel
2009-04-01 17:23 . 2009-04-01 17:26 21361 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-04-01 17:23 . 2009-04-01 17:26 21361 ----a-w c:\windows\AegisP.sys
2009-04-01 17:17 . 2009-04-01 17:17 -------- d-----w c:\program files\microsoft frontpage
2009-04-01 17:13 . 2009-04-01 17:13 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-17 17:26 . 2009-03-17 17:26 65320 ----a-w c:\windows\system32\sbbd.exe
2009-03-13 22:01 . 2007-06-19 21:08 149768 ----a-w c:\windows\system32\drivers\WpsHelper.sys
2009-02-24 19:35 . 2009-04-05 04:22 9464 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-02-24 19:35 . 2009-04-05 04:22 9336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-02-24 19:35 . 2009-04-05 04:22 43528 ------w c:\windows\system32\drivers\PxHelp20.sys
2009-02-24 19:35 . 2009-04-05 04:22 129784 ------w c:\windows\system32\pxafs.dll
2009-02-24 19:35 . 2009-04-05 04:22 120056 ------w c:\windows\system32\pxcpyi64.exe
2009-02-24 19:35 . 2009-04-05 04:22 118520 ------w c:\windows\system32\pxinsi64.exe
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
2009-02-09 11:13 . 2008-04-14 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\jklewkrj.dat.exe" [2009-03-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-08-06 115560]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696]
"SBAMTray"="c:\program files\Sunbelt Software\CounterSpy\SBAMTray.exe" [2009-03-17 681256]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
MLB.TV NexDef Plug-in.lnk - c:\documents and settings\Owner\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe [2009-4-1 801032]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Button Manager.lnk - c:\program files\HP\Button Manager\BM.exe [2009-4-1 249856]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Magic-i.lnk - c:\program files\ArcSoft\Magic-i 3\Magic-i.exe [2009-4-1 530944]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 szkg5;szkg; [x]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
R3 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2008-10-22 92464]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 SBAMSvc;CounterSpy Antispyware;c:\program files\Sunbelt Software\CounterSpy\SBAMSvc.exe [2009-03-17 894248]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-16 101936]

.
Contents of the 'Scheduled Tasks' folder

2009-04-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
SafeBoot-Symantec Antvirus


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\em7ahgo7.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\em7ahgo7.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 14:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
Completion time: 2009-04-21 14:43
ComboFix-quarantined-files.txt 2009-04-21 18:43

Pre-Run: 51,496,792,064 bytes free
Post-Run: 52,841,172,992 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(4)\WINDOWS
[operating systems]
d:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(4)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

357 --- E O F --- 2009-04-02 07:00

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:03:21 PM

Posted 22 April 2009 - 03:54 AM

That's a good log. :) How is the computer running?

Let's run a longer scan to make sure we've got everything.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Please post a new HijackThis log too.

Thanks :thumbup2:
m0le is a proud member of UNITE

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:03:21 PM

Posted 24 April 2009 - 09:07 PM

Hi Lifeson22,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open.

If you like you can PM me.

Thanks,


m0le
m0le is a proud member of UNITE

#9 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • Gender:Male
  • Location:Finland
  • Local time:05:21 PM

Posted 26 April 2009 - 05:23 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security