Rootkit.Win32ZAccess.e


  • This topic is locked
4 replies to this topic

#1 dennisparrish

Posted 08 October 2011 - 07:20 AM

Hi,
I am working on an XP Pro computer which has been infected with Rootkit Win32.ZAccess.e. Even though TDSSKiller finds and cures it, it just jumps to another file after the next reboot. Here are the results of the last 6 scans of TDSSKiller.

scan 1 - imapi.sys - reboot
scan 2 - redbook.sys - reboot
scan 3 - cdrom.sys - reboot
scan 4 - imapi.sys - reboot
scan 5 - redbook.sys - reboot
scan 6 - cdrom.sys - reboot

One of the symptoms, if left alone, is that a fake firewall alert comes up on many executables, particularly malware scanning utility executables such as Malwarebytes and SuperAntiSpyware. It will also kill most online scanners such as ESET and MS Safety Online scan.

Any help is greatly appreciated. Obviously, we are trying to avoid a reformat but understand that may need to eventually happen.
Thanks in advance
Dennis


#2 Orange Blossom

Posted 08 October 2011 - 11:28 AM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 dennisparrish

Posted 09 October 2011 - 08:05 AM

Thank you Orange Blossom. I have now followed those instructions and I am attaching the results of DDS and Gmer. I also want to mention that I finally got TDSSkiller to remove the rootkit. I may be OK now, but if someone could check these logs and the attached file to be sure, it would be greatly appreciated.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_27
Run by Joe at 6:35:04 on 2011-10-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3325.2509 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Intel\IDU\awServ.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: jZip Webmail plugin: {647fd14a-c4f1-46f4-8fc3-0b40f54226f7} - c:\program files\jzip\WebmailPlugin.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\ips\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0369.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0369.0\npwinext.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228685036343
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
TCP: Interfaces\{1692C665-30A6-4FE0-87A5-919CDB5C5CBD} : DhcpNameServer = 68.87.64.150 68.87.75.198
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: SEP - c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\WinLogoutNotifier.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\joe\application data\mozilla\firefox\profiles\nvpbdtsy.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\fortinet\sslvpnclient\npccplugin.dll
FF - plugin: c:\program files\fortinet\sslvpnclient\nptcplugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0369.0\npwinext.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c01029f\136b.105\x86\SymDS.sys [2011-5-2 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c01029f\136b.105\x86\SymEFA.sys [2011-5-17 756856]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.671.4971.105\data\definitions\bashdefs\20110929.001\BHDrvx86.sys [2011-9-29 816760]
R1 fortiapd;fortiapd;c:\windows\system32\drivers\fortiapd.sys [2009-9-3 13416]
R1 Fortips;Fortips;c:\windows\system32\drivers\fortips.sys [2009-9-3 98024]
R1 FortiRdr;FortiRdr;c:\windows\system32\drivers\FortiRdr.sys [2009-9-3 29928]
R1 FortiShield;FortiShield;c:\windows\system32\drivers\FortiShield.sys [2009-9-3 36968]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c01029f\136b.105\x86\Ironx86.sys [2011-5-10 136312]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-10-9 116608]
R2 AWService;Admin Works Agent X8;c:\program files\intel\idu\awServ.exe [2006-12-27 74520]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\ccSvcHst.exe [2011-6-14 137224]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-10-8 105592]
R3 Fortidrv2;Fortinet Packet Filter Service;c:\windows\system32\drivers\fortidrv.sys [2009-4-6 22432]
R3 ft_vnic;Fortinet network virtual adapter;c:\windows\system32\drivers\ftvnic.sys [2009-12-7 14496]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.671.4971.105\data\definitions\ipsdefs\20111007.030\IDSXpx86.sys [2011-10-8 356280]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.671.4971.105\data\definitions\virusdefs\20111008.008\NAVENG.SYS [2011-10-8 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.671.4971.105\data\definitions\virusdefs\20111008.008\NAVEX15.SYS [2011-10-8 1576312]
R3 pppop;PPPoP WAN Adapter;c:\windows\system32\drivers\pppop.sys [2009-7-21 36384]
S2 FortiSslvpnDaemon;FortiClient SSL VPN;c:\windows\system32\fortisslvpndaemon.exe --> c:\windows\system32\FortiSSLVPNdaemon.exe [?]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\googleupdate.exe /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 SyDvCtrl;SyDvCtrl;c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\SyDvCtrl32.sys [2011-6-17 23984]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-10-09 08:19:05 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-09 08:06:10 -------- d-----w- c:\program files\Unlocker
2011-10-09 01:22:28 -------- d-----w- c:\documents and settings\joe\local settings\application data\Symantec
2011-10-09 01:22:13 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-10-09 01:22:13 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-10-09 01:22:13 -------- d-----w- c:\program files\common files\Symantec Shared
2011-10-09 01:21:51 94128 ----a-w- c:\windows\system32\FwsVpn.dll
2011-10-09 01:21:51 92080 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2011-10-09 01:21:51 374704 ----a-w- c:\windows\system32\sysfer.dll
2011-10-09 01:21:51 32208 ----a-w- c:\windows\system32\drivers\WGX.SYS
2011-10-09 01:21:51 240048 ----a-w- c:\windows\system32\SymVPN.dll
2011-10-09 01:21:51 10672 ----a-w- c:\windows\system32\sysferThunk.dll
2011-10-09 01:21:36 -------- d-----w- c:\windows\system32\drivers\sep\0c01029f\136b.105\x86
2011-10-09 01:21:36 -------- d-----w- c:\windows\system32\drivers\sep\0c01029f\136B.105
2011-10-09 01:21:36 -------- d-----w- c:\windows\system32\drivers\sep\0C01029F
2011-10-09 01:21:36 -------- d-----w- c:\windows\system32\drivers\SEP
2011-10-09 01:21:35 -------- d-----w- c:\program files\Symantec
2011-10-09 01:06:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-09 01:06:12 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-10-09 01:06:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-08 12:29:47 -------- d-----w- c:\documents and settings\all users\application data\Symantec
2011-10-08 06:18:39 -------- d-----w- C:\VProRecovery
2011-10-08 05:53:09 -------- d-----w- C:\archive_db
2011-10-08 02:08:53 94896 ----a-w- c:\windows\system32\drivers\63388734.sys
2011-10-08 01:17:16 42112 ----a-w- c:\windows\system32\drivers\imapi.sys
2011-10-07 22:03:20 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c8118cba-dfc2-4661-8ce3-b1de8639cd77}\offreg.dll
2011-10-07 22:03:19 7269712 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c8118cba-dfc2-4661-8ce3-b1de8639cd77}\mpengine.dll
2011-10-07 22:03:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-07 22:02:07 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-07 21:12:14 -------- d-----w- c:\windows\pss
2011-10-07 21:11:59 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-10-07 21:11:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-10-07 17:56:17 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-10-07 17:56:17 71880 ----a-w- c:\windows\system32\PxSecure.dll
2011-10-07 17:56:17 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
2011-10-07 17:56:17 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2011-10-07 17:56:17 -------- d-----w- c:\program files\Prevx
2011-10-07 17:56:12 -------- d-----w- c:\documents and settings\all users\application data\PrevxCSI
2011-10-07 17:03:50 -------- d-----w- c:\program files\ESET
2011-10-06 21:54:37 -------- d-----w- c:\documents and settings\joe\application data\TeamViewer
2011-10-06 21:54:25 -------- d-----w- c:\documents and settings\joe\temp
.
==================== Find3M ====================
.
2011-10-08 12:22:34 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-10-08 12:09:48 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-10-08 11:31:34 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-08 02:41:15 36968 ----a-w- c:\windows\system32\drivers\FortiShield.sys
2011-10-07 23:24:52 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
============= FINISH: 6:35:43.42 ===============


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-09 08:54:11
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Intel___ rev.1.0.
Running: gj2kmc7t.exe; Driver: C:\DOCUME~1\Joe\LOCALS~1\Temp\fxlyqpow.sys


---- System - GMER 1.0.15 ----

SSDT 8A083108 ZwAlertResumeThread
SSDT 89FC5140 ZwAlertThread
SSDT 89F98890 ZwAllocateVirtualMemory
SSDT 8A231820 ZwAssignProcessToJobObject
SSDT 8A317438 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAE038980]
SSDT 89FE4140 ZwCreateMutant
SSDT 8A231540 ZwCreateSymbolicLinkObject
SSDT 89FC3358 ZwCreateThread
SSDT 8A231C98 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAE038C00]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAE038F10]
SSDT 89FA2C78 ZwDuplicateObject
SSDT 899E7760 ZwFreeVirtualMemory
SSDT 89FC6118 ZwImpersonateAnonymousToken
SSDT 89FC61D8 ZwImpersonateThread
SSDT 8A0E4898 ZwLoadDriver
SSDT 89A1C8C8 ZwMapViewOfSection
SSDT 89FB6220 ZwOpenEvent
SSDT 89E49100 ZwOpenProcess
SSDT 89FA85B0 ZwOpenProcessToken
SSDT 89FF0368 ZwOpenSection
SSDT 89A130C0 ZwOpenThread
SSDT 8A231730 ZwProtectVirtualMemory
SSDT 8A1CD1F0 ZwResumeThread
SSDT 8A2222B0 ZwSetContextThread
SSDT 8A0429A8 ZwSetInformationProcess
SSDT 89FF0240 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAE039160]
SSDT 89FB8AE0 ZwSuspendProcess
SSDT 8A221DF0 ZwSuspendThread
SSDT 8A232958 ZwTerminateProcess
SSDT 89FA32B8 ZwTerminateThread
SSDT 89F9E0C0 ZwUnmapViewOfSection
SSDT 8A049648 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB465E360, 0x3535DF, 0xE8000020]
? C:\DOCUME~1\Joe\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
.text ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes [E9, 88, 33, 09, E4] {JMP 0xffffffffe409338d}
.text ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes [E9, 84, 33, 09, E4] {JMP 0xffffffffe4093389}
.text ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes [E9, 00, 33, 09, E4] {JMP 0xffffffffe4093305}
.text ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes [E9, AC, 32, 09, E4] {JMP 0xffffffffe40932b1}
.text ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes [E9, C8, 33, 09, E4] {JMP 0xffffffffe40933cd}
.text ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes [E9, B8, 32, 09, E4] {JMP 0xffffffffe40932bd}
.text ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes [E9, 44, 30, 09, E4] {JMP 0xffffffffe4093049}
.text ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes [E9, 00, 30, 09, E4] {JMP 0xffffffffe4093005}
.text ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes [E9, 0C, 30, 09, E4] {JMP 0xffffffffe4093011}
.text ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes [E9, F4, 2B, 09, E4] {JMP 0xffffffffe4092bf9}
.text ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes [E9, 30, 2A, 09, E4] {JMP 0xffffffffe4092a35}
.text ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes [E9, FC, 28, 09, E4] {JMP 0xffffffffe4092901}
.text ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes [E9, 98, 28, 09, E4] {JMP 0xffffffffe409289d}
.text ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes [E9, C4, 28, 09, E4] {JMP 0xffffffffe40928c9}

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[316] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[316] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[316] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[316] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[316] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[316] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[316] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[316] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[316] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[316] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[316] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[316] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[316] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[316] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[316] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[316] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[468] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[468] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[468] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[468] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[468] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[468] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[468] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[468] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[468] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[468] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[468] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[468] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[468] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[468] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[468] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[468] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[504] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[504] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[504] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[504] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[504] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[504] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[504] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[504] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[504] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[504] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[504] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[504] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[504] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[504] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[504] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[504] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[812] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[812] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[812] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\System32\svchost.exe[812] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[812] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[812] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[812] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[812] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[812] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\System32\svchost.exe[812] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[812] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[812] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[812] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[812] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[812] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[812] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[904] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[904] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[904] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\Explorer.EXE[904] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[904] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[904] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[904] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[904] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[904] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\Explorer.EXE[904] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[904] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[904] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[904] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[904] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[904] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[904] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1392] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1392] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1392] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\system32\spoolsv.exe[1392] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1392] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1392] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1392] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1392] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1392] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\system32\spoolsv.exe[1392] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1392] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1392] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1392] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1392] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1392] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[1392] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1428] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1428] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1428] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1428] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1428] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1428] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1428] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1428] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1428] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1428] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1428] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1428] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1428] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1428] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1428] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1428] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Joe\Desktop\bleeping computer stuff\gj2kmc7t.exe[1480] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Joe\Desktop\bleeping computer stuff\gj2kmc7t.exe[1480] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Joe\Desktop\bleeping computer stuff\gj2kmc7t.exe[1480] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Documents and Settings\Joe\Desktop\bleeping computer stuff\gj2kmc7t.exe[1480] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Joe\Desktop\bleeping computer stuff\gj2kmc7t.exe[1480] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Joe\Desktop\bleeping computer stuff\gj2kmc7t.exe[1480] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Joe\Desktop\bleeping computer stuff\gj2kmc7t.exe[1480] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Joe\Desktop\bleeping computer stuff\gj2kmc7t.exe[1480] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Joe\Desktop\bleeping computer stuff\gj2kmc7t.exe[1480] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Documents and Settings\Joe\Desktop\bleeping computer stuff\gj2kmc7t.exe[1480] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Joe\Desktop\bleeping computer stuff\gj2kmc7t.exe[1480] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Joe\Desktop\bleeping computer stuff\gj2kmc7t.exe[1480] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Joe\Desktop\bleeping computer stuff\gj2kmc7t.exe[1480] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Joe\Desktop\bleeping computer stuff\gj2kmc7t.exe[1480] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Joe\Desktop\bleeping computer stuff\gj2kmc7t.exe[1480] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Documents and Settings\Joe\Desktop\bleeping computer stuff\gj2kmc7t.exe[1480] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1548] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1548] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1548] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1548] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1548] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1548] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1548] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1548] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1548] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1548] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1548] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1548] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1548] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1548] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1548] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1548] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\IDU\awServ.exe[1616] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\IDU\awServ.exe[1616] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\IDU\awServ.exe[1616] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\Intel\IDU\awServ.exe[1616] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\IDU\awServ.exe[1616] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\IDU\awServ.exe[1616] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\IDU\awServ.exe[1616] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\IDU\awServ.exe[1616] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\IDU\awServ.exe[1616] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\Intel\IDU\awServ.exe[1616] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\IDU\awServ.exe[1616] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\IDU\awServ.exe[1616] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\IDU\awServ.exe[1616] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\IDU\awServ.exe[1616] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\IDU\awServ.exe[1616] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\IDU\awServ.exe[1616] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1788] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1788] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1788] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1788] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1788] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1788] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1788] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1788] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1788] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1788] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1788] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1788] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1788] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1788] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1788] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1788] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1852] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1852] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1852] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\system32\winlogon.exe[1852] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1852] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1852] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1852] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1852] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1852] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\system32\winlogon.exe[1852] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1852] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1852] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1852] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1852] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1852] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\winlogon.exe[1852] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1896] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1896] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1896] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\system32\services.exe[1896] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1896] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1896] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1896] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1896] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1896] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\system32\services.exe[1896] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1896] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1896] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1896] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1896] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1896] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1896] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[2100] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[2100] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[2100] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[2100] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[2100] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[2100] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[2100] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[2100] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[2100] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[2100] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[2100] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[2100] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[2100] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[2100] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[2100] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[2100] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2108] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2108] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2108] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2108] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2108] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2108] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2108] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2108] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2108] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2108] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2108] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2108] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2108] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2108] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2108] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2108] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] ntdll.dll!NtMapViewOfSection 7C90D51E 10 Bytes JMP 026D003A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 026D00F7
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] kernel32.dll!VirtualProtectEx + 6E 7C801ACF 7 Bytes JMP 026D03D2
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] kernel32.dll!ReadProcessMemory + 3E 7C80220E 7 Bytes JMP 026D01B0
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 026D031C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] kernel32.dll!GetVersionExA + D3 7C812C51 7 Bytes JMP 026D0488
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] kernel32.dll!GetProcessHandleCount + 35 7C86229F 7 Bytes JMP 026D0266
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546A6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] ole32.dll!CreateBindCtx + B5F 774FF14F 7 Bytes JMP 026D05F8
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB98 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] ole32.dll!CoImpersonateClient + 51 775151F0 7 Bytes JMP 026D053E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E569F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2264] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2264] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2264] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2264] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2264] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2264] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2264] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2264] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2264] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2264] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2264] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2264] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2264] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2264] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2264] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2264] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2264] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2264] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2264] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2264] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2264] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2264] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2264] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2264] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2264] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\System32\alg.exe[2368] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[2368] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[2368] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\System32\alg.exe[2368] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[2368] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[2368] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[2368] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[2368] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[2368] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\System32\alg.exe[2368] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[2368] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[2368] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[2368] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[2368] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[2368] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[2368] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3004] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3004] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3004] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3004] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3004] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3004] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3004] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3004] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3004] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3004] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3004] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3004] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3004] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3004] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3004] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3004] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[3348] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[3348] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[3348] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\System32\svchost.exe[3348] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[3348] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[3348] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[3348] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[3348] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[3348] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\System32\svchost.exe[3348] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[3348] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[3348] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[3348] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[3348] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[3348] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[3348] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3728] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3728] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3728] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3728] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3728] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3728] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3728] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3728] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3728] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3728] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3728] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3728] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3728] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3728] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3728] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3728] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[3780] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 609A0440 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[3780] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 609A047C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[3780] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [E9]
.text C:\WINDOWS\system32\ctfmon.exe[3780] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 609A04B8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[3780] ntdll.dll!NtDeleteFile + 5 7C90D243 5 Bytes JMP 609A04F4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[3780] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 609A0620 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[3780] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 609A0530 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[3780] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 609A056C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[3780] ntdll.dll!NtOpenFile + 5 7C90D5A3 1 Byte [E9]
.text C:\WINDOWS\system32\ctfmon.exe[3780] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 609A05A8 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[3780] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 609A05E4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[3780] ntdll.dll!NtRenameKey + 5 7C90DA63 5 Bytes JMP 609A065C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[3780] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 609A0698 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[3780] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 609A06D4 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[3780] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 609A0710 C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[3780] ntdll.dll!NtTerminateThread + 5 7C90DE83 5 Bytes JMP 609A074C C:\WINDOWS\System32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip FortiRdr.sys (FortiClient Redirector Driver/Fortinet Inc)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp FortiRdr.sys (FortiClient Redirector Driver/Fortinet Inc)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\MountMgr \Device\MountPointManager SysPlant.sys (Symantec CMC Firewall SysPlant/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp FortiRdr.sys (FortiClient Redirector Driver/Fortinet Inc)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp FortiRdr.sys (FortiClient Redirector Driver/Fortinet Inc)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB62306$\1156270198 0 bytes
File C:\WINDOWS\$NtUninstallKB62306$\1156270198\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB62306$\1156270198\click.tlb 2144 bytes
File C:\WINDOWS\$NtUninstallKB62306$\1156270198\L 0 bytes
File C:\WINDOWS\$NtUninstallKB62306$\1156270198\L\sxooereo 42112 bytes
File C:\WINDOWS\$NtUninstallKB62306$\1156270198\loader.tlb 2540 bytes
File C:\WINDOWS\$NtUninstallKB62306$\1156270198\U 0 bytes
File C:\WINDOWS\$NtUninstallKB62306$\1156270198\U\$00000001 42988 bytes
File C:\WINDOWS\$NtUninstallKB62306$\1156270198\U\@000000c0 3584 bytes
File C:\WINDOWS\$NtUninstallKB62306$\1156270198\U\@000000cb 3072 bytes
File C:\WINDOWS\$NtUninstallKB62306$\1156270198\U\@000000cf 1536 bytes
File C:\WINDOWS\$NtUninstallKB62306$\1156270198\U\@80000000 26112 bytes
File C:\WINDOWS\$NtUninstallKB62306$\1156270198\U\@800000c0 35840 bytes
File C:\WINDOWS\$NtUninstallKB62306$\1156270198\U\@800000cb 27648 bytes
File C:\WINDOWS\$NtUninstallKB62306$\1156270198\U\@800000cf 27648 bytes
File C:\WINDOWS\$NtUninstallKB62306$\2037454016 0 bytes

---- EOF - GMER 1.0.15 ----


#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,622 posts
  • Gender:Male
  • Local time:12:13 PM

Posted 13 October 2011 - 07:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/422451 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 HelpBot


Posted 13 October 2011 - 08:41 AM

You have stated that you no longer need help with this issue, therefore I am closing this topic. If that is not the case and you need or wish to continue with this topic, please send any Moderator a Personal Message (PM) that you would like this topic re-opened.




