Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can i get help on running the logs


  • This topic is locked This topic is locked
5 replies to this topic

#1 Ninetyfeet

Ninetyfeet

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:29 PM

Posted 03 October 2011 - 02:16 PM

This started last night and just gets worse. I initially saved the latest documents off my HD as a safety measure. I have read about this nasty virus and have tried to use mbam with no avail. Tried to run the defogger, DSS, GMER as per this website but keep getting a popup that says "Security Warning The file "WinRAR.exe" is infected. Running of application is impossible. Please activate your antivirus software. That happens for EVERY program including opening my control panel's firewall menu.

Also, Aside from the System Restore and I am now getting some OpenCloud AV that is popping up.

Help please. What do I need to do to run the necessary logs?

Thanks in advance!

BC AdBot (Login to Remove)

 


#2 Ninetyfeet

Ninetyfeet
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:29 PM

Posted 03 October 2011 - 03:25 PM

I was able to run the defogger but the DSS log is a bunch of jumbled characters and not like any of the ones posted here. Am I missing something else?

In the jumble it does say "This program cannot be run in DOS mode." The rest of the log file doesn't appear to have anything else in it but random characters.

Finally was able to run GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-03 19:47:00
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_PZA064_SSD rev.2.9.01
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxdyapoc.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF744DE22]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF742ECDC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF742EECE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF744E610]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF744E8C4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF744CB14]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF744ED30]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF744E0E2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF742E982]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 17A 804E49D4 4 Bytes [C4, E8, 44, F7]
.text ntoskrnl.exe!ZwYieldExecution + 47A 804E4CD4 4 Bytes JMP C9B5441B
.text ntoskrnl.exe!IoAllocateIrp + C 804EAFC9 7 Bytes CALL 8A56CC75
? gtia.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0199000A
.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 019A000A
.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0198000C
.text C:\WINDOWS\system32\svchost.exe[1972] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0260000A
.text C:\WINDOWS\system32\svchost.exe[1972] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 0261000A
.text C:\WINDOWS\system32\svchost.exe[1972] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 0262000A
.text C:\WINDOWS\system32\svchost.exe[1972] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 025F000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) BA4CB000-BA4EB000 (131072 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xDF 0x4F 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x94 0x2C 0xDA 0x62 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x34 0xE6 0x88 0xAD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xDF 0x4F 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x94 0x2C 0xDA 0x62 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x34 0xE6 0x88 0xAD ...

---- Files - GMER 1.0.15 ----

ADS C:\Documents and Settings\Administrator\Local Settings\Temp\640038314:1439357401.exe 784 bytes executable
File C:\WINDOWS\$NtUninstallKB29676$\142311621 0 bytes
File C:\WINDOWS\$NtUninstallKB29676$\2855609894 0 bytes
File C:\WINDOWS\$NtUninstallKB29676$\2855609894\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB29676$\2855609894\bckfg.tmp 823 bytes
File C:\WINDOWS\$NtUninstallKB29676$\2855609894\cfg.ini 359 bytes
File C:\WINDOWS\$NtUninstallKB29676$\2855609894\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB29676$\2855609894\keywords 30 bytes
File C:\WINDOWS\$NtUninstallKB29676$\2855609894\kwrd.dll 208896 bytes
File C:\WINDOWS\$NtUninstallKB29676$\2855609894\L 0 bytes
File C:\WINDOWS\$NtUninstallKB29676$\2855609894\L\rohepcid 52480 bytes
File C:\WINDOWS\$NtUninstallKB29676$\2855609894\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB29676$\2855609894\U 0 bytes
File C:\WINDOWS\$NtUninstallKB29676$\2855609894\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB29676$\2855609894\U\00000002.@ 209920 bytes
File C:\WINDOWS\$NtUninstallKB29676$\2855609894\U\80000000.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB29676$\2855609894\U\80000032.@ 71168 bytes

---- EOF - GMER 1.0.15 ----

and ComboFix

ComboFix 11-10-03.01 - Administrator 10/03/2011 21:20:11.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1420 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Administrator\Application Data\EurekaLog
C:\Documents and Settings\Administrator\Application Data\EurekaLog\tcap\BugReport.zip
C:\Documents and Settings\Administrator\Application Data\PzzzONttxAuv2bOpen Cloud AV.ico
C:\Documents and Settings\Administrator\Application Data\R666dEKK8RZ9hXjOpen Cloud AV.ico
C:\Documents and Settings\Administrator\Application Data\V999hTXqjUelBrPOpen Cloud AV.ico
C:\Documents and Settings\Administrator\Application Data\y9hhTXXwjUVIBzOpen Cloud AV.ico
C:\Documents and Settings\Administrator\g2mdlhlpx.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Data Restore
C:\Documents and Settings\Administrator\Start Menu\Programs\Data Restore\Data Restore.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Data Restore\Uninstall Data Restore.lnk
C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe
C:\install.exe
C:\WINDOWS\$NtUninstallKB29676$
C:\WINDOWS\$NtUninstallKB29676$\142311621
C:\WINDOWS\$NtUninstallKB29676$\2855609894\@
C:\WINDOWS\$NtUninstallKB29676$\2855609894\bckfg.tmp
C:\WINDOWS\$NtUninstallKB29676$\2855609894\cfg.ini
C:\WINDOWS\$NtUninstallKB29676$\2855609894\Desktop.ini
C:\WINDOWS\$NtUninstallKB29676$\2855609894\keywords
C:\WINDOWS\$NtUninstallKB29676$\2855609894\kwrd.dll
C:\WINDOWS\$NtUninstallKB29676$\2855609894\L\rohepcid
C:\WINDOWS\$NtUninstallKB29676$\2855609894\lsflt7.ver
C:\WINDOWS\$NtUninstallKB29676$\2855609894\U\00000001.@
C:\WINDOWS\$NtUninstallKB29676$\2855609894\U\00000002.@
C:\WINDOWS\$NtUninstallKB29676$\2855609894\U\80000000.@
C:\WINDOWS\$NtUninstallKB29676$\2855609894\U\80000032.@
C:\WINDOWS\640038314

Infected copy of C:\WINDOWS\system32\drivers\i8042prt.sys was found and disinfected
Restored copy from - The cat found it :)

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_aa352626


((((((((((((((((((((((((( Files Created from 2011-09-04 to 2011-10-04 )))))))))))))))))))))))))))))))


2011-10-04 01:44:29 . 2011-10-04 01:44:29 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\f44aQQH6dW
2011-10-04 01:44:29 . 2011-10-04 01:44:29 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\A77ffRL99TXqjCl
2011-10-04 01:14:32 . 2008-04-14 12:48:02 52480 ----a-w- C:\WINDOWS\system32\drivers\i8042prt.sys
2011-10-04 00:41:01 . 2011-10-04 00:41:01 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\PzzzONttxAuv2b
2011-10-04 00:41:01 . 2011-10-04 00:41:01 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\n77fEEL8gTZjYwk
2011-10-04 00:34:24 . 2011-10-04 00:34:24 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\V999hTXqjUelBrP
2011-10-04 00:34:24 . 2011-10-04 00:34:24 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\f4aaQH6dWK
2011-10-03 17:41:48 . 2011-10-03 17:41:48 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\R666dEKK8RZ9hXj
2011-10-03 17:41:48 . 2011-10-03 17:41:48 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\B000uvvS2ib3pG5
2011-10-03 17:38:17 . 2011-10-03 17:38:17 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\y9hhTXXwjUVIBz
2011-10-03 17:38:17 . 2011-10-03 17:38:17 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\BddWKK8fRZ
2011-10-03 17:07:41 . 2011-10-03 17:07:41 -------- d-----w- C:\WINDOWS\system32\FwjjUUVelOBtP0c
2011-10-03 17:07:41 . 2011-10-03 17:07:41 -------- d-----w- C:\EGG55aQQJ6EK8R9
2011-10-03 17:07:26 . 2011-10-03 17:07:26 2412032 ----a-w- C:\WINDOWS\system32\PqqqjYYCekIrzN.exe
2011-10-03 17:07:26 . 2011-10-03 17:07:26 -------- d-----w- C:\yaammH66sW7fE9T
2011-10-03 06:31:42 . 2011-10-03 06:31:52 -------- d-----w- C:\WINDOWS\Standalone System Sweeper
2011-10-03 02:01:58 . 2011-10-03 16:36:00 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware3
2011-10-02 19:45:39 . 2011-10-02 19:45:39 -------- d-sh--w- C:\Documents and Settings\Administrator\PrivacIE
2011-10-02 19:37:09 . 2011-10-02 19:37:09 -------- d-sh--w- C:\Documents and Settings\Administrator\IETldCache
2011-10-02 19:16:02 . 2011-10-02 19:16:02 -------- d-sh--w- C:\Documents and Settings\NetworkService\IETldCache
2011-10-02 07:19:19 . 2011-10-02 07:19:19 -------- d-sh--w- C:\Documents and Settings\LocalService\IETldCache
2011-09-30 23:48:47 . 2011-09-30 23:51:01 -------- dc-h--w- C:\WINDOWS\ie8
2011-09-30 23:44:03 . 2010-10-18 11:10:56 7680 -c----w- C:\WINDOWS\system32\dllcache\iecompat.dll
2011-09-30 23:43:57 . 2011-06-23 18:36:30 12800 -c----w- C:\WINDOWS\system32\dllcache\xpshims.dll
2011-09-30 23:43:55 . 2011-06-23 18:36:29 743424 -c----w- C:\WINDOWS\system32\dllcache\iedvtool.dll
2011-09-30 23:43:54 . 2011-06-23 18:36:30 247808 -c----w- C:\WINDOWS\system32\dllcache\ieproxy.dll
2011-09-30 23:42:20 . 2011-10-02 07:15:57 -------- d-----w- C:\c9855a047d970c94f574
2011-09-29 01:49:13 . 2011-09-29 01:49:13 -------- d-----w- C:\WINDOWS\system32\20-20 Technologies
2011-09-18 01:26:04 . 2011-09-18 01:26:04 -------- d--h--w- C:\Documents and Settings\Administrator\Application Data\ProgSense
2011-09-18 01:25:59 . 2011-09-25 19:12:50 -------- d-----w- C:\downloads
2011-09-18 01:25:59 . 2011-09-18 01:25:59 -------- d--h--w- C:\Documents and Settings\Administrator\Application Data\GrabPro
2011-09-18 01:25:52 . 2011-09-26 15:42:04 -------- d--h--w- C:\Documents and Settings\Administrator\Application Data\Orbit
2011-09-18 01:25:52 . 2011-09-18 01:25:56 -------- d-----w- C:\Program Files\Orbitdownloader
2011-09-14 16:57:45 . 2011-08-30 17:33:42 95672 ----a-w- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
2011-09-04 21:08:02 . 2011-10-03 00:18:44 -------- d--h--w- C:\Documents and Settings\Administrator\Application Data\Dropbox
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-09-26 13:56:04 . 2011-06-29 15:15:36 404640 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12:13 . 2008-04-25 16:16:10 599040 ----a-w- C:\WINDOWS\system32\crypt32.dll
2011-08-31 21:00:50 . 2010-03-05 04:07:32 22216 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2011-07-15 13:29:31 . 2008-04-25 16:16:18 456320 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2011-07-12 15:20:54 . 2011-07-12 15:20:54 83816 ----a-w- C:\WINDOWS\system32\dns-sd.exe
2011-07-12 15:20:54 . 2011-07-12 15:20:54 73064 ----a-w- C:\WINDOWS\system32\dnssd.dll
2011-07-08 14:02:00 . 2008-04-25 16:16:20 10496 ----a-w- C:\WINDOWS\system32\drivers\ndistapi.sys
2011-07-06 20:32:50 . 2011-07-14 19:53:10 83360 ----a-w- C:\WINDOWS\system32\LMIRfsClientNP.dll
2011-07-06 20:32:36 . 2011-07-14 19:53:10 53632 ----a-w- C:\WINDOWS\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-07-06 20:32:30 . 2011-07-14 19:53:10 29568 ----a-w- C:\WINDOWS\system32\LMIport.dll
2011-07-06 20:32:28 . 2011-07-14 19:53:06 87424 ----a-w- C:\WINDOWS\system32\LMIinit.dll
2010-03-29 13:51:48 . 2010-03-29 13:51:48 28472 ----a-w- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
2010-03-29 13:51:49 . 2010-03-29 13:51:49 185224 ----a-w- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
2010-03-29 13:52:03 . 2010-03-29 13:52:10 46392 ----a-w- C:\Program Files\mozilla firefox\plugins\atmccli.dll
2010-03-29 13:52:09 . 2010-03-29 13:52:09 99208 ----a-w- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 17:58:58 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 17:58:58 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ---ha-w- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ---ha-w- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ---ha-w- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ---ha-w- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Digiarty_Software_AirPlayit"="C:\Program Files\Digiarty\Air_Playit\airplayit.exe" [2011-07-29 20:18:18 9331560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-01-25 09:34:22 159744]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-06 00:24:46 405504]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 00:26:04 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-28 01:33:44 125168]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2008-04-14 12:00:00 143360]
"ProcessLassoManagementConsole"="C:\Program Files\Process Lasso\processlasso.exe" [2011-06-07 15:01:06 579088]
"ProcessGovernor"="C:\Program Files\Process Lasso\processgovernor.exe" [2011-06-07 15:01:06 308752]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-11 23:04:04 63048]
"eFax 4.4"="C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" [2010-07-02 18:24:07 95744]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2011-07-05 22:36:48 421888]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-08-19 05:07:38 421736]
"Family Tree Builder Update"="C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe" [2010-10-31 13:46:28 226832]
"Q222obFF4pG8234A"="C:\WINDOWS\system32\PqqqjYYCekIrzN.exe" [2011-10-03 17:07:26 2412032]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
Dropbox.lnk - C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 02:41:34 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 21:20:28 73728 ----a-w- C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-07-06 20:32:28 87424 ----a-w- C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1614895754-1897051121-839522115-2628\Scripts\Logon\0\0]
"Script"=login.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"C:\\Program Files\\Riverbed\\Steelhead Mobile\\rbtmon.exe"=
"C:\\Program Files\\Riverbed\\Steelhead Mobile\\rbtsport.exe"=
"C:\\Program Files\\Riverbed\\Steelhead Mobile\\shmobile.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"C:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Digiarty\\Air_Playit\\airplayit.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=

R0 hotcore3;hc3ServiceName;C:\WINDOWS\system32\drivers\hotcore3.sys [4/8/2009 11:08:38 AM 40560]
R0 PCTCore;PCTools KDS;C:\WINDOWS\system32\drivers\PCTCore.sys [3/5/2010 7:54:03 PM 207280]
R1 SBRE;SBRE;C:\WINDOWS\system32\drivers\SBREDrv.sys [3/5/2010 2:21:30 AM 101720]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 4:21:48 PM 79432]
R2 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe [4/6/2011 9:58:19 PM 858480]
R2 GFIBckHSched;GFI Backup 2009 - Home Edition Scheduler Service;C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE [4/6/2011 9:58:17 PM 2324848]
R2 HP LaserJet Service;HP LaserJet Service;C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [4/12/2010 10:13:08 AM 142336]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe [7/6/2011 4:32:14 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\rainfo.sys [1/11/2011 7:04:04 PM 12856]
R2 vmci;VMware vmci;C:\WINDOWS\system32\drivers\vmci.sys [8/14/2009 8:13:56 PM 54960]
R2 Wave UCSPlus;Wave UCSPlus;C:\WINDOWS\system32\dllhost.exe [4/25/2008 12:16:11 PM 5120]
R3 DXEC01;DXEC01;C:\WINDOWS\system32\drivers\dxec01.sys [11/2/2006 2:32:32 PM 97536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/29/2011 8:07:28 PM 105592]
R3 pnetmdm;PdaNet Modem;C:\WINDOWS\system32\drivers\pnetmdm.sys [10/29/2010 10:58:52 PM 9472]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys [5/14/2009 9:39:38 AM 16640]
S0 Lbd;Lbd;C:\WINDOWS\system32\DRIVERS\Lbd.sys --> C:\WINDOWS\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [5/13/2010 7:56:55 PM 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [8/18/2011 3:25:12 PM 2151640]
S3 BBSvc;Bing Bar Update Service;C:\Program Files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 7:44:14 PM 183560]
S3 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [3/5/2010 8:05:42 PM 112592]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [5/13/2010 7:56:55 PM 136176]
S3 qrkis;Tether Miniport;C:\WINDOWS\system32\drivers\qrkis.sys [10/29/2010 8:49:39 PM 45608]
S3 RBT;RVBD_SH_Mobile_Intercept;C:\PROGRA~1\Riverbed\STEELH~1\RBT.sys [6/10/2008 5:59:52 PM 251776]
S3 RGService;RGService;C:\Program Files\RadioGet\RGService.exe [1/8/2010 2:02:35 PM 335872]
S3 RVBD_SH_Mobile_Logger;Riverbed Steelhead Mobile Log Service;C:\Program Files\Riverbed\Steelhead Mobile\rbtlogger.exe [6/10/2008 5:59:52 PM 380928]
S3 RVBD_SH_Mobile_Monitor;Riverbed Steelhead Mobile Monitor Service;C:\Program Files\Riverbed\Steelhead Mobile\rbtmon.exe [6/10/2008 5:59:52 PM 1921024]
S3 SavRoam;SAVRoam;C:\Program Files\Symantec AntiVirus\SavRoam.exe [9/27/2006 9:33:38 PM 116464]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files\Spyware Doctor\pctsAuxs.exe [3/5/2010 7:53:31 PM 365280]
S3 TivoInstallHelper;TiVo Install Helper;C:\WINDOWS\Installer\MSI2AE.tmp [3/22/2010 1:23:43 AM 945664]
S3 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [3/3/2009 12:19:47 AM 24652]
S4 sptd;sptd;C:\WINDOWS\system32\Drivers\sptd.sys --> C:\WINDOWS\system32\Drivers\sptd.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

Contents of the 'Scheduled Tasks' folder

2011-10-03 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 19:25:12 . 2011-09-25 19:21:36]

2011-10-01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50:20 . 2011-06-01 21:57:16]

2011-10-04 C:\WINDOWS\Tasks\GlaryInitialize.job
- C:\Program Files\Glary Utilities\initialize.exe [2010-01-14 16:26:03 . 2009-12-14 17:09:04]

2011-10-04 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-13 23:56:55 . 2010-05-13 23:56:39]

2011-10-04 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-13 23:56:55 . 2010-05-13 23:56:39]

2011-10-04 C:\WINDOWS\Tasks\TCActive!.job
- C:\Program Files\The Cleaner\tcap.exe [2011-04-04 13:42:46 . 2011-08-19 22:17:34]

2011-10-02 C:\WINDOWS\Tasks\The Cleaner 2012 Smart Scan.job
- C:\Program Files\The Cleaner\cleaner8.exe [2011-04-04 13:42:35 . 2011-09-13 08:25:06]

2011-10-02 C:\WINDOWS\Tasks\The Cleaner 2012 Update.job
- C:\Program Files\The Cleaner\cleaner8.exe [2011-04-04 13:42:35 . 2011-09-13 08:25:06]


------- Supplementary Scan -------

uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/204
IE: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll
LSP: C:\Program Files\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 192.168.10.1
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {89242969-422B-46BF-B0D5-6A7B7DC4D0E0} - file:///C:/Documents%20and%20Settings/Administrator/Desktop/NASFinder-050809/html/nafcom.cab
DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} - hxxp://merillat.view22.com/release_3_9_177/View22RTEv4.cab
FF - ProfilePath - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\j7cb6ri0.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {9B806974-9189-46CA-9EAA-C66687CD8706} - C:\Documents and Settings\Administrator\Local Settings\Application Data\{9B806974-9189-46CA-9EAA-C66687CD8706}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ChaCha Guide App Toolbar: chachaguidebar@chacha.com - %profile%\extensions\chachaguidebar@chacha.com
FF - Ext: Quick Locale Switcher: {25A1388B-6B18-46c3-BEBA-A81915D0DE8F} - %profile%\extensions\{25A1388B-6B18-46c3-BEBA-A81915D0DE8F}
FF - Ext: FoxClocks: {d37dc5d0-431d-44e5-8c91-49419370caa1} - %profile%\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org
FF - Ext: Texpertension: texpertension@texperts.com - %profile%\extensions\texpertension@texperts.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Sothink Web Video Downloader for Firefox: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08} - %profile%\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - user.js: general.useragent.extra.brc - BRI/1


------- File Associations -------

.scr=DWGTrueViewScriptFile

- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-BlackBerryAutoUpdate - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe


Not sure if those help or not.
Thanks.

Moved and merged three posts from here: http://www.bleepingcomputer.com/forums/topic421706.html ~ OB

Edited by Orange Blossom, 04 October 2011 - 12:05 AM.


#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:29 PM

Posted 08 October 2011 - 02:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/421719 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Ninetyfeet

Ninetyfeet
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:29 PM

Posted 08 October 2011 - 07:49 PM

1. I finally was able to completely run MBAM and it did clear some items. I also updated my Symantec software. However, I am still getting some weird notifications about trackers.

2. Logs are below.

3. I do not have the CD

4. Thank you.

DDR: Still would not run. Below are the first two lines of output:
MZ   @  !L!This program cannot be run in DOS mode.

GMER:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-08 20:34:17
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_PZA064_SSD rev.2.9.01
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxdyapoc.sys


---- System - GMER 1.0.15 ----

SSDT 8A1A3A48 ZwAlertResumeThread
SSDT 8A03FA78 ZwAlertThread
SSDT 8A19E310 ZwAllocateVirtualMemory
SSDT 8A197520 ZwAssignProcessToJobObject
SSDT 89D607A8 ZwConnectPort
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB9E55E22]
SSDT 8A043DC0 ZwCreateMutant
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9E36CDC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9E36ECE]
SSDT 8A15F8F0 ZwCreateSymbolicLinkObject
SSDT 8A336300 ZwCreateThread
SSDT 8A1975E0 ZwDebugActiveProcess
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB9E56610]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB9E568C4]
SSDT 8A35A240 ZwDuplicateObject
SSDT 8A377618 ZwFreeVirtualMemory
SSDT 8A35DD50 ZwImpersonateAnonymousToken
SSDT 8A35DE10 ZwImpersonateThread
SSDT 89D6B7C8 ZwLoadDriver
SSDT 8A3B42F0 ZwMapViewOfSection
SSDT 8A35DCD0 ZwOpenEvent
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB9E54B14]
SSDT 8A3492D0 ZwOpenProcess
SSDT 8A336238 ZwOpenProcessToken
SSDT 8A207360 ZwOpenSection
SSDT 8A35A310 ZwOpenThread
SSDT 8A15F9C0 ZwProtectVirtualMemory
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9E56D30]
SSDT 8A03FB38 ZwResumeThread
SSDT 8A3BD488 ZwSetContextThread
SSDT 8A060AD8 ZwSetInformationProcess
SSDT 8A3BAD80 ZwSetSystemInformation
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB9E560E2]
SSDT 8A207420 ZwSuspendProcess
SSDT 8A086AB8 ZwSuspendThread
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xB9E36982]
SSDT 8A3BD408 ZwTerminateThread
SSDT 8A060BA8 ZwUnmapViewOfSection
SSDT 8A19E240 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes [E9, 88, 33, 09, E4] {JMP 0xffffffffe409338d}
.text ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes [E9, 84, 33, 09, E4] {JMP 0xffffffffe4093389}
.text ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes [E9, 00, 33, 09, E4] {JMP 0xffffffffe4093305}
.text ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes [E9, AC, 32, 09, E4] {JMP 0xffffffffe40932b1}
.text ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes [E9, C8, 33, 09, E4] {JMP 0xffffffffe40933cd}
.text ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes [E9, B8, 32, 09, E4] {JMP 0xffffffffe40932bd}
.text ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes [E9, 44, 30, 09, E4] {JMP 0xffffffffe4093049}
.text ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes [E9, 00, 30, 09, E4] {JMP 0xffffffffe4093005}
.text ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes [E9, 0C, 30, 09, E4] {JMP 0xffffffffe4093011}
.text ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes [E9, F4, 2B, 09, E4] {JMP 0xffffffffe4092bf9}
.text ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes [E9, 30, 2A, 09, E4] {JMP 0xffffffffe4092a35}
.text ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes [E9, FC, 28, 09, E4] {JMP 0xffffffffe4092901}
.text ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes [E9, 98, 28, 09, E4] {JMP 0xffffffffe409289d}
.text ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes [E9, C4, 28, 09, E4] {JMP 0xffffffffe40928c9}

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[220] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[220] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[220] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[220] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[220] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[220] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[220] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[220] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[220] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[220] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[220] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[220] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[220] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[220] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[220] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[220] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\HidFind.exe[236] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\HidFind.exe[236] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\HidFind.exe[236] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\Apoint\HidFind.exe[236] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\HidFind.exe[236] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\HidFind.exe[236] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\HidFind.exe[236] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\HidFind.exe[236] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\HidFind.exe[236] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\Apoint\HidFind.exe[236] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\HidFind.exe[236] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\HidFind.exe[236] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\HidFind.exe[236] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\HidFind.exe[236] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\HidFind.exe[236] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\HidFind.exe[236] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[336] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[336] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[336] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[336] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[336] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[336] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[336] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[336] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[336] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[336] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[336] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[336] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[336] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[336] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[336] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[336] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[376] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[376] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[376] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\System32\svchost.exe[376] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[376] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[376] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[376] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[376] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[376] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\System32\svchost.exe[376] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[376] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[376] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[376] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[376] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[376] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[376] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[428] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[428] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[428] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[428] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[428] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[428] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[428] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[428] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[428] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[428] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[428] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[428] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[428] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[428] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[428] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[428] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[488] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[488] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[488] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[488] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[488] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[488] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[488] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[488] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[488] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[488] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[488] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[488] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[488] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[488] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[488] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[488] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[720] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[720] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[720] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[720] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[720] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[720] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[720] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[720] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[720] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[720] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[720] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[720] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[720] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[720] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[720] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[720] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[760] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[760] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[760] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\System32\svchost.exe[760] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[760] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[760] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[760] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[760] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[760] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\System32\svchost.exe[760] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[760] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[760] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[760] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[760] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[760] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[760] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[812] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[812] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[812] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[812] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[812] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[812] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[812] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[812] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[812] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[812] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[812] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[812] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[812] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[812] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[812] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[812] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[836] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[836] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[836] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[836] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[836] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[836] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[836] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[836] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[836] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[836] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[836] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[836] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[836] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[836] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[836] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[836] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[848] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[848] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[848] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\System32\svchost.exe[848] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[848] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[848] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[848] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[848] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[848] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\System32\svchost.exe[848] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[848] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[848] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[848] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[848] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[848] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[848] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[948] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[948] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[948] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[948] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[948] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[948] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[948] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[948] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[948] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[948] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[948] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[948] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[948] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[948] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[948] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[948] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[952] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[952] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[952] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\System32\alg.exe[952] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[952] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[952] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[952] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[952] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[952] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\System32\alg.exe[952] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[952] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[952] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[952] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[952] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[952] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[952] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1036] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1036] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1036] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1036] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1036] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1036] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1036] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1036] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1036] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1036] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1036] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1036] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1036] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1036] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1036] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1036] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\bcmwltry.exe[1048] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\bcmwltry.exe[1048] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\bcmwltry.exe[1048] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\System32\bcmwltry.exe[1048] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\bcmwltry.exe[1048] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\bcmwltry.exe[1048] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\bcmwltry.exe[1048] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\bcmwltry.exe[1048] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\bcmwltry.exe[1048] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\System32\bcmwltry.exe[1048] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\bcmwltry.exe[1048] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\bcmwltry.exe[1048] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\bcmwltry.exe[1048] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\bcmwltry.exe[1048] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\bcmwltry.exe[1048] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\bcmwltry.exe[1048] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1100] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1100] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1100] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\system32\spoolsv.exe[1100] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1100] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1100] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1100] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1100] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1100] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\system32\spoolsv.exe[1100] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1100] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1100] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1100] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1100] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1100] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1100] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\SCardSvr.exe[1148] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\SCardSvr.exe[1148] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\SCardSvr.exe[1148] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\System32\SCardSvr.exe[1148] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\SCardSvr.exe[1148] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\SCardSvr.exe[1148] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\SCardSvr.exe[1148] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\SCardSvr.exe[1148] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\SCardSvr.exe[1148] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\System32\SCardSvr.exe[1148] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\SCardSvr.exe[1148] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\SCardSvr.exe[1148] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\SCardSvr.exe[1148] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\SCardSvr.exe[1148] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\SCardSvr.exe[1148] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\SCardSvr.exe[1148] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1200] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1200] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1200] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1200] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1200] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1200] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1200] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1200] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1200] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1200] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1200] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1200] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1200] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1200] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1200] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1200] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1444] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1444] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1444] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1444] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1444] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1444] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1444] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1444] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1444] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1444] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1444] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1444] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1444] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1444] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1444] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1444] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1468] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1468] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1468] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1468] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1468] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1468] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1468] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1468] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1468] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1468] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1468] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1468] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1468] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1468] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1468] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1468] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1484] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1484] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1484] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1484] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1484] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1484] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1484] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1484] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1484] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1484] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1484] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1484] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1484] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1484] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1484] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1484] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1500] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1500] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1500] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1500] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1500] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1500] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1500] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1500] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1500] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1500] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1500] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1500] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1500] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1500] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1500] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1500] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1512] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1512] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1512] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1512] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1512] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1512] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1512] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1512] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1512] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1512] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1512] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1512] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1512] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1512] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1512] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1512] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[1520] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[1520] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[1520] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[1520] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[1520] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[1520] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[1520] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[1520] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[1520] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[1520] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[1520] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[1520] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[1520] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[1520] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[1520] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[1520] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[1584] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[1584] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[1584] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[1584] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[1584] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[1584] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[1584] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[1584] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[1584] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[1584] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[1584] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[1584] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[1584] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[1584] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[1584] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[1584] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[1636] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[1636] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[1636] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[1636] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[1636] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[1636] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[1636] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[1636] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[1636] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[1636] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[1636] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[1636] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[1636] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[1636] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[1636] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[1636] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1704] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1704] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1704] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1704] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1704] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1704] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1704] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1704] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1704] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1704] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1704] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1704] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1704] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1704] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1704] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1704] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apntex.exe[1740] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apntex.exe[1740] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apntex.exe[1740] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]

Remaining GMER log that wouldn't fit in the above post:

.text C:\Program Files\Apoint\Apntex.exe[1740] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apntex.exe[1740] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apntex.exe[1740] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apntex.exe[1740] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apntex.exe[1740] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apntex.exe[1740] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\Apoint\Apntex.exe[1740] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apntex.exe[1740] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apntex.exe[1740] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apntex.exe[1740] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apntex.exe[1740] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apntex.exe[1740] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apntex.exe[1740] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1776] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1776] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1776] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\internet explorer\iexplore.exe[1776] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1776] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1776] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1776] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1776] ntdll.dll!NtMapViewOfSection 7C90D51E 10 Bytes JMP 032E00B3
.text C:\Program Files\internet explorer\iexplore.exe[1776] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\internet explorer\iexplore.exe[1776] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1776] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1776] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1776] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1776] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 032E016C
.text C:\Program Files\internet explorer\iexplore.exe[1776] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1776] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1776] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1776] kernel32.dll!VirtualProtectEx + 6E 7C801ACF 7 Bytes JMP 032E0447
.text C:\Program Files\internet explorer\iexplore.exe[1776] kernel32.dll!ReadProcessMemory + 3E 7C80220E 7 Bytes JMP 032E0225
.text C:\Program Files\internet explorer\iexplore.exe[1776] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 032E0391
.text C:\Program Files\internet explorer\iexplore.exe[1776] kernel32.dll!GetVersionExA + D3 7C812C51 7 Bytes JMP 032E04FD
.text C:\Program Files\internet explorer\iexplore.exe[1776] kernel32.dll!GetProcessHandleCount + 35 7C86229F 7 Bytes JMP 032E02DB
.text C:\Program Files\internet explorer\iexplore.exe[1776] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1776] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1776] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1776] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1776] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546A6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1776] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1776] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1776] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1776] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1776] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1776] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1776] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1776] ole32.dll!CreateBindCtx + B5F 774FF14F 7 Bytes JMP 032E0671
.text C:\Program Files\internet explorer\iexplore.exe[1776] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB98 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1776] ole32.dll!CoImpersonateClient + 51 775151F0 7 Bytes JMP 032E05B7
.text C:\Program Files\internet explorer\iexplore.exe[1776] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E569F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe[1792] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe[1792] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe[1792] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe[1792] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe[1792] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe[1792] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe[1792] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe[1792] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe[1792] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe[1792] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe[1792] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe[1792] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe[1792] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe[1792] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe[1792] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe[1792] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1816] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1816] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1816] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\system32\winlogon.exe[1816] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1816] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1816] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1816] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1816] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1816] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\system32\winlogon.exe[1816] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1816] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1816] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1816] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1816] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1816] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1816] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1860] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1860] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1860] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\system32\services.exe[1860] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1860] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1860] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1860] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1860] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1860] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\system32\services.exe[1860] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1860] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1860] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1860] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1860] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1860] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1860] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[2040] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[2040] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[2040] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[2040] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[2040] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[2040] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[2040] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[2040] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[2040] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[2040] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[2040] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[2040] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[2040] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[2040] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[2040] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[2040] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\StacSV.exe[2084] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\StacSV.exe[2084] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\StacSV.exe[2084] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\system32\StacSV.exe[2084] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\StacSV.exe[2084] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\StacSV.exe[2084] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\StacSV.exe[2084] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\StacSV.exe[2084] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\StacSV.exe[2084] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\system32\StacSV.exe[2084] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\StacSV.exe[2084] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\StacSV.exe[2084] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\StacSV.exe[2084] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\StacSV.exe[2084] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\StacSV.exe[2084] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\StacSV.exe[2084] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[2196] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[2196] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[2196] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\system32\ctfmon.exe[2196] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[2196] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[2196] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[2196] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[2196] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[2196] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\system32\ctfmon.exe[2196] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[2196] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[2196] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[2196] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[2196] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[2196] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[2196] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\ApMsgFwd.exe[2220] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\ApMsgFwd.exe[2220] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\ApMsgFwd.exe[2220] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\Apoint\ApMsgFwd.exe[2220] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\ApMsgFwd.exe[2220] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\ApMsgFwd.exe[2220] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\ApMsgFwd.exe[2220] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\ApMsgFwd.exe[2220] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\ApMsgFwd.exe[2220] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\Apoint\ApMsgFwd.exe[2220] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\ApMsgFwd.exe[2220] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\ApMsgFwd.exe[2220] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\ApMsgFwd.exe[2220] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\ApMsgFwd.exe[2220] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\ApMsgFwd.exe[2220] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\ApMsgFwd.exe[2220] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[2304] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[2304] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[2304] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[2304] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[2304] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[2304] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[2304] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[2304] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[2304] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[2304] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[2304] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[2304] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[2304] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[2304] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[2304] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[2304] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SymCorpUI.exe[2352] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SymCorpUI.exe[2352] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SymCorpUI.exe[2352] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SymCorpUI.exe[2352] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SymCorpUI.exe[2352] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SymCorpUI.exe[2352] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SymCorpUI.exe[2352] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SymCorpUI.exe[2352] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SymCorpUI.exe[2352] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SymCorpUI.exe[2352] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SymCorpUI.exe[2352] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SymCorpUI.exe[2352] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SymCorpUI.exe[2352] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SymCorpUI.exe[2352] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SymCorpUI.exe[2352] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SymCorpUI.exe[2352] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2368] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2368] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2368] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2368] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2368] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2368] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2368] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2368] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2368] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2368] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2368] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2368] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2368] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2368] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2368] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2368] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2400] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2400] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2400] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[2400] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2400] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2400] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2400] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2400] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2400] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[2400] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2400] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2400] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2400] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2400] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2400] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2400] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[2460] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[2460] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[2460] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\Explorer.EXE[2460] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[2460] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[2460] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[2460] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[2460] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[2460] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\Explorer.EXE[2460] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[2460] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[2460] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[2460] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[2460] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[2460] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[2460] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2464] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2464] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2464] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2464] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2464] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2464] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2464] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2464] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2464] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2464] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2464] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2464] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2464] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2464] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2464] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2464] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[2508] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[2508] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[2508] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[2508] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[2508] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[2508] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[2508] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[2508] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[2508] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[2508] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[2508] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[2508] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[2508] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[2508] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[2508] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[2508] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\dllhost.exe[2596] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\dllhost.exe[2596] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\dllhost.exe[2596] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\system32\dllhost.exe[2596] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\dllhost.exe[2596] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\dllhost.exe[2596] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\dllhost.exe[2596] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\dllhost.exe[2596] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\dllhost.exe[2596] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\system32\dllhost.exe[2596] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\dllhost.exe[2596] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\dllhost.exe[2596] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\dllhost.exe[2596] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\dllhost.exe[2596] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\dllhost.exe[2596] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\dllhost.exe[2596] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[2708] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[2708] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[2708] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[2708] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[2708] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[2708] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[2708] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[2708] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[2708] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[2708] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[2708] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[2708] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[2708] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[2708] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[2708] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[2708] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2756] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2756] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2756] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\system32\SearchIndexer.exe[2756] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2756] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2756] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2756] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2756] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2756] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\system32\SearchIndexer.exe[2756] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2756] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2756] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2756] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2756] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2756] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2756] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2756] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3216] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3216] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3216] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3216] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3216] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3216] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3216] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3216] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3216] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3216] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3216] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3216] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3216] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3216] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3216] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3216] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apoint.exe[3272] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apoint.exe[3272] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apoint.exe[3272] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\Apoint\Apoint.exe[3272] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apoint.exe[3272] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apoint.exe[3272] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apoint.exe[3272] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apoint.exe[3272] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apoint.exe[3272] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\Apoint\Apoint.exe[3272] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apoint.exe[3272] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apoint.exe[3272] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apoint.exe[3272] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apoint.exe[3272] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apoint.exe[3272] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Apoint\Apoint.exe[3272] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3304] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3304] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3304] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3304] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3304] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3304] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3304] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3304] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3304] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3304] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3304] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3304] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3304] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3304] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3304] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3304] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3428] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3428] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3428] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3428] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3428] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3428] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3428] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3428] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3428] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3428] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3428] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3428] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3428] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3428] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3428] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3428] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe[3500] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe[3500] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe[3500] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe[3500] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe[3500] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe[3500] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe[3500] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe[3500] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe[3500] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe[3500] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe[3500] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe[3500] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe[3500] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe[3500] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe[3500] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe[3500] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\dllhost.exe[3620] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\dllhost.exe[3620] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\dllhost.exe[3620] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\system32\dllhost.exe[3620] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\dllhost.exe[3620] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\dllhost.exe[3620] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\dllhost.exe[3620] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\dllhost.exe[3620] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\dllhost.exe[3620] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\system32\dllhost.exe[3620] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\dllhost.exe[3620] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\dllhost.exe[3620] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\dllhost.exe[3620] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\dllhost.exe[3620] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\dllhost.exe[3620] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\dllhost.exe[3620] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3784] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3784] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3784] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3784] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3784] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3784] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3784] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3784] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3784] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3784] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3784] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3784] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3784] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3784] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3784] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3784] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Administrator\Desktop\VIRUS TOOLS\gmer.exe[4068] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Administrator\Desktop\VIRUS TOOLS\gmer.exe[4068] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Administrator\Desktop\VIRUS TOOLS\gmer.exe[4068] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Documents and Settings\Administrator\Desktop\VIRUS TOOLS\gmer.exe[4068] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Administrator\Desktop\VIRUS TOOLS\gmer.exe[4068] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Administrator\Desktop\VIRUS TOOLS\gmer.exe[4068] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Administrator\Desktop\VIRUS TOOLS\gmer.exe[4068] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Administrator\Desktop\VIRUS TOOLS\gmer.exe[4068] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Administrator\Desktop\VIRUS TOOLS\gmer.exe[4068] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Documents and Settings\Administrator\Desktop\VIRUS TOOLS\gmer.exe[4068] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Administrator\Desktop\VIRUS TOOLS\gmer.exe[4068] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Administrator\Desktop\VIRUS TOOLS\gmer.exe[4068] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Administrator\Desktop\VIRUS TOOLS\gmer.exe[4068] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Administrator\Desktop\VIRUS TOOLS\gmer.exe[4068] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Administrator\Desktop\VIRUS TOOLS\gmer.exe[4068] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Administrator\Desktop\VIRUS TOOLS\gmer.exe[4068] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[4240] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[4240] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[4240] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[4240] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[4240] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[4240] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[4240] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[4240] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[4240] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[4240] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[4240] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[4240] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[4240] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[4240] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[4240] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[4240] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4624] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4624] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4624] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\internet explorer\iexplore.exe[4624] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4624] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4624] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4624] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4624] ntdll.dll!NtMapViewOfSection 7C90D51E 10 Bytes JMP 0303003A
.text C:\Program Files\internet explorer\iexplore.exe[4624] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\internet explorer\iexplore.exe[4624] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4624] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4624] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4624] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4624] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 030300F7
.text C:\Program Files\internet explorer\iexplore.exe[4624] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4624] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4624] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4624] kernel32.dll!VirtualProtectEx + 6E 7C801ACF 7 Bytes JMP 030303D2
.text C:\Program Files\internet explorer\iexplore.exe[4624] kernel32.dll!ReadProcessMemory + 3E 7C80220E 7 Bytes JMP 030301B0
.text C:\Program Files\internet explorer\iexplore.exe[4624] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 0303031C
.text C:\Program Files\internet explorer\iexplore.exe[4624] kernel32.dll!GetVersionExA + D3 7C812C51 7 Bytes JMP 03030488
.text C:\Program Files\internet explorer\iexplore.exe[4624] kernel32.dll!GetProcessHandleCount + 35 7C86229F 7 Bytes JMP 03030266
.text C:\Program Files\internet explorer\iexplore.exe[4624] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4624] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4624] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4624] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4624] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546A6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4624] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4624] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4624] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4624] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4624] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4624] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4624] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4624] ole32.dll!CreateBindCtx + B5F 774FF14F 7 Bytes JMP 030305F8
.text C:\Program Files\internet explorer\iexplore.exe[4624] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB98 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4624] ole32.dll!CoImpersonateClient + 51 775151F0 7 Bytes JMP 0303053E
.text C:\Program Files\internet explorer\iexplore.exe[4624] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E569F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SmcGui.exe[5396] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SmcGui.exe[5396] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SmcGui.exe[5396] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SmcGui.exe[5396] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SmcGui.exe[5396] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SmcGui.exe[5396] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SmcGui.exe[5396] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SmcGui.exe[5396] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SmcGui.exe[5396] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SmcGui.exe[5396] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SmcGui.exe[5396] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SmcGui.exe[5396] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SmcGui.exe[5396] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SmcGui.exe[5396] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SmcGui.exe[5396] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SmcGui.exe[5396] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe[5900] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe[5900] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe[5900] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe[5900] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe[5900] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe[5900] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe[5900] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe[5900] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe[5900] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe[5900] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe[5900] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe[5900] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe[5900] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe[5900] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe[5900] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe[5900] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6076] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6076] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6076] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\internet explorer\iexplore.exe[6076] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6076] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6076] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6076] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6076] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6076] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\internet explorer\iexplore.exe[6076] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6076] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6076] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6076] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6076] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6076] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6076] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6076] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6076] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6076] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6076] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6076] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6076] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6076] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6076] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6076] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\wscntfy.exe[6124] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wscntfy.exe[6124] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wscntfy.exe[6124] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\system32\wscntfy.exe[6124] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wscntfy.exe[6124] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wscntfy.exe[6124] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wscntfy.exe[6124] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wscntfy.exe[6124] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wscntfy.exe[6124] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\system32\wscntfy.exe[6124] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wscntfy.exe[6124] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wscntfy.exe[6124] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wscntfy.exe[6124] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wscntfy.exe[6124] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wscntfy.exe[6124] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wscntfy.exe[6124] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

Device \Driver\MountMgr \Device\MountPointManager SysPlant.sys (Symantec CMC Firewall SysPlant/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A54F1D20
Device A5501428

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xDF 0x4F 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x94 0x2C 0xDA 0x62 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x34 0xE6 0x88 0xAD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xDF 0x4F 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x94 0x2C 0xDA 0x62 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x34 0xE6 0x88 0xAD ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1

---- EOF - GMER 1.0.15 ----

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,074 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:29 PM

Posted 11 October 2011 - 01:57 AM

Hello, my name is Elise and I'll assist you with this issue.

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
Firefox::
FF - ProfilePath - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\j7cb6ri0.default\
FF - Ext: XULRunner: {9B806974-9189-46CA-9EAA-C66687CD8706} - C:\Documents and Settings\Administrator\Local Settings\Application Data\{9B806974-9189-46CA-9EAA-C66687CD8706}
Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


We need to scan the system with this special tool:

* Please download and save:

Junction.zip

* Unzip it and place Junction.exe in the Windows directory (C:\Windows).
* Go to Start => Run... => Copy and paste the following command in the Run box and click OK:

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens starting to scan the system. Wait until a log file opens. Copy and paste the log in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,074 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:29 PM

Posted 23 October 2011 - 03:24 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users